Submission Details
Severity:
Storage Collision Risk Between LevelOne and LevelTwo Smart Contracts When Upgrading
When upgrading from LevelOne to LevelTwo, the order and types of state variables must match exactly to prevent storage collisions If they don’t, variables in LevelTwo could read/write to wrong storage slots corrupting data in the Smart Contract
The Variables in LevelOne Smart Contract
address principal;
bool inSession;
uint256 schoolFees;
uint256 public immutable reviewTime = 1 weeks;
uint256 public sessionEnd;
uint256 public bursary;
uint256 public cutOffScore;
mapping(address => bool) public isTeacher;
mapping(address => bool) public isStudent;
mapping(address => uint256) public studentScore;
mapping(address => uint256) private reviewCount;
mapping(address => uint256) private lastReviewTime;
address[] listOfStudents;
address[] listOfTeachers;
uint256 public constant TEACHER_WAGE = 35; // 35%
uint256 public constant PRINCIPAL_WAGE = 5; // 5%
uint256 public constant PRECISION = 100;
And the Variables defined in LevelTwo
address principal;
bool inSession;
uint256 public sessionEnd;
uint256 public bursary;
uint256 public cutOffScore;
mapping(address => bool) public isTeacher;
mapping(address => bool) public isStudent;
mapping(address => uint256) public studentScore;
address[] listOfStudents;
address[] listOfTeachers;
uint256 public constant TEACHER_WAGE_L2 = 40;
uint256 public constant PRINCIPAL_WAGE_L2 = 5;
uint256 public constant PRECISION = 100;
IERC20 usdc;
And as it can be seen that there is a little difference in them and their storage slots as well which will lead to storage collision during the upgrade of the smart contracts , which will lead to overwritting of data in the smart contract and lead to loss of data or Access Controls once they are over written due to storage collisions
Overwritting of Storage Slots of the previous smart contract after upgrading which may lead to loss of data in the smart contract rendering the smart contract worthless
Tools Used is only Visual Studio Code for a Small Codebase
Both the two Smart Contracts Should have the same Consistency in their Variables defined and used and their storage slots should be the same in both the smart contracts so that it does not lead to misinterpretation of storage variables which may lead to overwritting and loss of data in the smart contract which may also render the smart contract worthless
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.