Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Manual Redeclaration of LevelOne Storage in LevelTwo Causes Storage Slot Misalignment

phylax

Summary

The storage slots in LevelTwocontract are misaligned because of redeclaring storage variables from LevelOnecontract and missing to add schoolFees, reviewCount, and lastReviewTime.

Impact

Storage slot misalignment can completly corrupt contract's state, potentially breaking core functionality or even locked funds.

Tools Used

Manual code review

Recommendations

(1)Either inherit LevelOnecontract so LevelTwoextends LevelOnestorage layout or (2)manually re-declare all storage variables of LevelOnein LevelTwocontract in correct order.

  • Inherit LevelOnecontract and remove all redeclared state varaiables:

+ import {LevelOne} from "./LevelOne.sol";
+ contract LevelTwo is LevelOne {
// Remove all redeclared state variables
// ─── All LevelOne slots are inherited intact ───

  • Redelaring all state variables in correct order:

contract LevelTwo is Initializable {
using SafeERC20 for IERC20;
address principal;
bool inSession;
+ uint256 schoolFees;
uint256 public sessionEnd;
uint256 public bursary;
uint256 public cutOffScore;
mapping(address => bool) public isTeacher;
mapping(address => bool) public isStudent;
mapping(address => uint256) public studentScore;
+ mapping(address => uint256) private reviewCount;
+ mapping(address => uint256) private lastReviewTime;
address[] listOfStudents;
address[] listOfTeachers;
uint256 public constant TEACHER_WAGE_L2 = 40;
uint256 public constant PRINCIPAL_WAGE_L2 = 5;
uint256 public constant PRECISION = 100;
IERC20 usdc;
// code as is
Updates

Lead Judging Commences

yeahchibyke Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

storage collision

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.