Late Hotpink Dinosaur
Medium
Missing required EIP-1967 storage slots while claiming EIP-1967 compliance and using its namespace incorrectly may cause proxy upgrade failures and storage collisions for protocol users as proxy administrators cannot manage implementations and storage slots may conflict with other protocols.
In Stablecoin.sol there are two critical issues:
Claims EIP-1967 compliance but missing mandated slots:
/ MISSING as none of the EIP-1967 standard slots are implemented
// implementation slot - not defined
// admin slot - not defined
// beacon slot - not definedIncorrectly uses EIP-1967 namespace for decimals: https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/Stablecoin.sol#L27
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.telcoin.Stablecoin.decimals" subtracted by 1.
*/
bytes32 internal constant DECIMALS_SLOT =
0x86386409a65c1a7f963bc51852fa7ecbdb9cad2cec464de22ee4591e1622b46b;No response
No response
No response
The protocol is not compliant with EIP-1967
Is the codebase expected to comply with any EIPs? Can there be/are there any deviations from the specification?
Most all contracts will be behind proxies and should comply with eip-1967. That said, it is not the auditor's responsibility to verify that the contract is currently backwards compatible with an existing deployment.
No response
No response