Code4renaCODE423N4:2022-08-RIGOR-FINDINGS-ISSUES-394Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions
Lines of code
<https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/HomeFi.sol#L27-L32>
<https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/ProjectFactory.sol#L16-L20>
<https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/Project.sol#L24-L28>
<https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/Community.sol#L21-L26>
<https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/Disputes.sol#L17-L21>
<https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/DebtToken.sol#L11>
Vulnerability details
Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions
Impact
For upgradeable contracts, there must be storage gap to βallow developers to freely add new state variables in the future without compromising the storage compatibility with existing deploymentsβ (quote OpenZeppelin). Otherwise it may be very difficult to write new implementation code. Without storage gap, the variable in child contract might be overwritten by the upgraded base contract if new variables are added to the base contract. This could have unintended and very serious consequences to the child contracts, potentially causing loss of user fund or cause the contract to malfunction completely.
See:
<https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps>
For a description of this storage variable. While some contracts may not currently be sub-classed, adding the variable now protects against forgetting to add it in the future.
Proof of Concept
In the following context of the upgradeable contracts they are expected to use gaps for avoiding collision:
- HomeFiProxy
- HomeFi
- Community
- Disputes
- ProjectFactory
- DebtTokens
However, none of these contracts contain storage gap. The storage gap is essential for upgradeable contract because βIt allows us to freely add new state variables in the future without compromising the storage compatibility with existing deploymentsβ. Refer to the bottom part of this article:
<https://docs.openzeppelin.com/contracts/3.x/upgradeable>
If a contract inheriting from a base contract contains additional variable, then the base contract cannot be upgraded to include any additional variable, because it would overwrite the variable declared in its child contract. This greatly limits contract upgradeability.
##Github Permalinks
<https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/HomeFi.sol#L27-L32>
<https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/ProjectFactory.sol#L16-L20>
<https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/Project.sol#L24-L28>
<https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/Community.sol#L21-L26>
<https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/Disputes.sol#L17-L21>
<https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/DebtToken.sol#L11>
Tools Used
Manual analysis
Recommended Mitigation Steps
Recommend adding appropriate storage gap at the end of upgradeable contracts such as the below. Please reference OpenZeppelin upgradeable contract templates.
uint256[50] private __gap;
The text was updated successfully, but these errors were encountered:
π 2 horsefacts and 0xA5DF reacted with eyes emoji
All reactions
- π 2 reactions