Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Severity: low
Valid

Unsafe use of an immutable variable could lead to unexpected behaviour and inconsistencies in future upgrades

Summary

The variable reviewTime is declared immutable. This has a particular negative effect because the contract is upgradeable, as explained below.

Vulnerability Details

According to the OpenZeppelin docs and forum ("UUPS: Why is immutable considered unsafe?" - Support / Upgrades - OpenZeppelin Forum, and "Frequently Asked Questions" - OpenZeppelin Docs), the use of immutable variables in upgradeable smart contracts is considered unsafe because immutable variables in Solidity are not stored in the proxy's storage, but rather in the contract's bytecode. This means their values are baked in during deployment and cannot be changed during upgrades or through function calls, and thus they become inaccessible in future upgrades.

Impact

The variable reviewTime could become inaccessible in future upgrades, breaking a core functionality of the protocol: the check that enough time has passed before the next review.

Tools Used

Manual Review

Recommendations

Avoid using immutable variables in upgradeable contracts.
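
An added sketch of this recommendation, not code from the Hawk High repository: the flagged immutable pattern beside a storage-based form set through an initializer. The contract names, the `1 weeks` value, `lastReviewTime` and the hand-rolled `initialized` flag (standing in for OpenZeppelin's `Initializable`) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustration only: names and values below are assumed, not Hawk High's code.

// Flagged pattern: the value is compiled into the implementation's runtime
// bytecode and is never written to the proxy's storage.
contract ReviewImmutable {
    uint256 public immutable reviewTime = 1 weeks;
    uint256 public lastReviewTime; // slot 0 of the proxy under delegatecall

    function canReview() external view returns (bool) {
        // reviewTime comes from the code of whichever implementation the
        // proxy currently points at, not from proxy state.
        return block.timestamp >= lastReviewTime + reviewTime;
    }
}

// Storage-based form: the value is written once through the proxy and lives
// in the proxy's storage, so later implementations read the same slot.
contract ReviewStorage {
    uint256 public lastReviewTime; // slot 0
    uint256 public reviewTime;     // slot 1
    bool private initialized;      // slot 2, minimal initializer guard

    // Called once through the proxy right after deployment.
    // Access control is omitted here to keep the sketch short.
    function initialize(uint256 reviewTime_) external {
        require(!initialized, "already initialized");
        initialized = true;
        reviewTime = reviewTime_;
    }

    function canReview() external view returns (bool) {
        return block.timestamp >= lastReviewTime + reviewTime;
    }
}
```

Any later implementation of the storage-based form must keep `lastReviewTime`, `reviewTime` and `initialized` in the same slot order and append new variables after them.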

Updates

Lead Judging Commences

yeahchibyke Lead Judge 27 days ago
yeahchibyke Lead Judge 16 days ago
Submission Judgement Published
Validated
Assigned finding tags:

unsafe immutable use

Immutable variables are stored in the bytecode of the contract. Hence, they should only be used for values that will not change across upgrades.
