Hawk High

First Flight #39
Beginner Friendly · Solidity
Submission Details
Severity: medium
Valid

Storage Slot Collision in Upgradeable Proxy Contract

Summary

In your upgrade, you removed or reordered state variables, specifically schoolFees, reviewTime, and some mappings. Because Solidity stores variables in fixed storage slots, this change means the new contract's variables will overwrite or misinterpret the existing storage, leading to unpredictable behavior, logic errors, or even loss of funds.

Vulnerability Details
https://github.com/CodeHawks-Contests/2025-05-hawk-high/blob/3a7251910c31739505a8699c7a0fc1b7de2c30b5/src/LevelTwo.sol#L13-L13
  • sessionEnd will now read from the old schoolFees slot, breaking session management.

  • bursary, cutOffScore, and others may point to incorrect or uninitialized data.

  • Mappings (reviewCount, lastReviewTime) were removed — any logic depending on them is now broken.

Impact

Corrupted session management logic: values read from the wrong slots after the upgrade.

Tools Used

Manual review

Recommendations
  • Reintroduce all original variables in the same order.

  • Never remove or reorder variables in upgradeable contracts.

  • Use storage base contracts (an append-only layout contract that every version inherits) to manage layout safely.

  • Optionally use OpenZeppelin’s Upgrades Plugins to detect layout incompatibility automatically.
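The following Foundry test is an added illustration of the collision described above and of the recommended fix; it is not code from the contest repository or from this submission. It uses a simplified, assumed version of the LevelOne layout (only the variables named in this report, in the order that matches the report's "sessionEnd reads the old schoolFees slot" observation). The contract names LevelOneLayout, LevelTwoBroken, HawkHighStorageV1 and LevelTwoFixed, the setup and getter functions, and the sample values are all hypothetical. Instead of deploying a proxy, the test swaps the runtime bytecode in place with forge-std's vm.etch, which leaves storage untouched exactly as a proxy upgrade does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Assumed, simplified V1 layout (not the contest's exact contract).
/// Slot 0: principal + inSession (packed)   Slot 1: schoolFees
/// Slot 2: sessionEnd   Slot 3: bursary     Slot 4: cutOffScore
/// Slot 5: reviewCount  Slot 6: lastReviewTime
contract LevelOneLayout {
    address public principal;
    bool public inSession;
    uint256 public schoolFees;
    uint256 public sessionEnd;
    uint256 public bursary;
    uint256 public cutOffScore;
    mapping(address => uint256) public reviewCount;
    mapping(address => uint256) public lastReviewTime;

    // Hypothetical helper so the test can populate V1 storage.
    function setup(uint256 fees, uint256 end, uint256 funds, uint256 cutOff) external {
        schoolFees = fees;
        sessionEnd = end;
        bursary = funds;
        cutOffScore = cutOff;
    }
}

/// Broken V2: schoolFees and the two mappings were dropped, so every
/// later variable moves one slot up and reads the previous variable's value.
contract LevelTwoBroken {
    address public principal;
    bool public inSession;
    uint256 public sessionEnd;  // slot 1: where V1 stored schoolFees
    uint256 public bursary;     // slot 2: where V1 stored sessionEnd
    uint256 public cutOffScore; // slot 3: where V1 stored bursary
}

/// Fix: freeze the V1 layout in a base contract that every later version
/// inherits, keep unused variables, and only append new state after a gap.
abstract contract HawkHighStorageV1 {
    address internal principal;
    bool internal inSession;
    uint256 internal schoolFees;
    uint256 internal sessionEnd;
    uint256 internal bursary;
    uint256 internal cutOffScore;
    mapping(address => uint256) internal reviewCount;
    mapping(address => uint256) internal lastReviewTime;
    uint256[43] private __gap; // reserved slots for future base-level additions
}

contract LevelTwoFixed is HawkHighStorageV1 {
    uint256 public graduationBonus; // new V2 state lands after the gap

    function getSessionEnd() external view returns (uint256) { return sessionEnd; }
    function getSchoolFees() external view returns (uint256) { return schoolFees; }
}

contract StorageCollisionTest is Test {
    function test_upgradeShiftsSlots() public {
        LevelOneLayout v1 = new LevelOneLayout();
        // Constructed sample values: fees, session end, bursary, cut-off score.
        v1.setup(5000, 9000, 42000, 70);

        // Simulate the upgrade: replace the code, keep the storage.
        vm.etch(address(v1), address(new LevelTwoBroken()).code);
        LevelTwoBroken broken = LevelTwoBroken(address(v1));

        assertEq(broken.sessionEnd(), 5000);  // returns the old schoolFees
        assertEq(broken.bursary(), 9000);     // returns the old sessionEnd
        assertEq(broken.cutOffScore(), 42000); // returns the old bursary

        // Layout-preserving upgrade: every value stays where it was.
        vm.etch(address(v1), address(new LevelTwoFixed()).code);
        LevelTwoFixed fixedV2 = LevelTwoFixed(address(v1));

        assertEq(fixedV2.getSessionEnd(), 9000);
        assertEq(fixedV2.getSchoolFees(), 5000);
        assertEq(fixedV2.graduationBonus(), 0); // fresh slot, never written
    }
}
```

Run it with `forge test --match-contract StorageCollisionTest`. The first three assertions are the bug in this report: each V2 getter returns the value V1 stored one slot earlier. The base-contract pattern keeps variables that V2 no longer uses (schoolFees, the review mappings) so that their slots are never reassigned, and the reserved gap lets later versions add base-level state without shifting anything; OpenZeppelin's upgrade plugins perform the same slot-by-slot comparison automatically.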

Updates

Lead Judging Commences

yeahchibyke Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

storage collision
