Boxy Gingham Condor - Lack of Reserved Storage Slots for Future Upgrades #50

Open
sherlock-admin3 opened this issue Dec 21, 2024 · 0 comments
Labels: Sponsor Confirmed (The sponsor acknowledged this issue is valid), Won't Fix (The sponsor confirmed this issue will not be fixed)

Boxy Gingham Condor

Medium

Lack of Reserved Storage Slots for Future Upgrades

Summary

The PriceOracleAggregator contract inherits from the UUPSUpgradeable and Ownable2StepUpgradeable modules, enabling it to support upgrades. However, the contract does not include reserved storage slots to prevent storage layout collisions in future upgrades.

When new state variables are added in a subsequent upgrade, they may overwrite storage occupied by other variables, resulting in unexpected behavior or loss of data. This issue is particularly critical for proxy-based upgradeable contracts, where the storage layout must remain consistent across versions.

Add reserved storage slots to the contract for future upgrades. This ensures that additional state variables can be safely introduced without affecting the storage layout.

    //PriceOracleAggregator.sol
    //@audit Add reserved storage slots
    uint256[50] private __gap; // Reserved storage slots for future upgrades    

sherlock-admin3 added the Won't Fix and Sponsor Confirmed labels on Dec 25, 2024
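
The layout shift described in the issue, as an added example that is not part of the original report or the project's code: a Python model of sequential slot assignment that diffs two contract versions and reports variables whose slot moved. The names `OracleBase`, `OracleChild` and their variables are hypothetical, and each variable is assumed to occupy whole 32-byte slots (packing is ignored).

```python
# Added example; OracleBase/OracleChild and their variables are hypothetical.
# Assumption: every variable fills whole 32-byte slots (Solidity packing ignored).

def layout(chain):
    """Assign slots sequentially over a linearized inheritance chain.

    chain: [(contract, [(variable, slot_count), ...]), ...], most-base first.
    Returns {"Contract.variable": first_slot}.
    """
    slots, cursor = {}, 0
    for contract, variables in chain:
        for name, count in variables:
            slots[f"{contract}.{name}"] = cursor
            cursor += count
    return slots


def moved_variables(old_chain, new_chain):
    """Variables kept across the upgrade whose slot changed.

    The proxy's storage was written under the old layout, so each entry here
    would be read from a slot that holds some other variable's data.
    The __gap array is skipped: it is expected to shrink and move.
    """
    old, new = layout(old_chain), layout(new_chain)
    return {k: (old[k], new[k]) for k in old
            if k in new and old[k] != new[k] and not k.endswith(".__gap")}


# Constructed sample layouts: the upgrade adds fallbackOracle to the base contract.
V1_NO_GAP = [("OracleBase", [("owner", 1), ("feeds", 1)]),
             ("OracleChild", [("maxAge", 1)])]
V2_NO_GAP = [("OracleBase", [("owner", 1), ("feeds", 1), ("fallbackOracle", 1)]),
             ("OracleChild", [("maxAge", 1)])]

# Same upgrade, but the base reserves 50 slots and gives one up for the new variable.
V1_GAP = [("OracleBase", [("owner", 1), ("feeds", 1), ("__gap", 50)]),
          ("OracleChild", [("maxAge", 1)])]
V2_GAP = [("OracleBase", [("owner", 1), ("feeds", 1), ("fallbackOracle", 1), ("__gap", 49)]),
          ("OracleChild", [("maxAge", 1)])]

if __name__ == "__main__":
    print("without gap:", moved_variables(V1_NO_GAP, V2_NO_GAP))
    print("with gap:   ", moved_variables(V1_GAP, V2_GAP))
```

A non-empty result is the condition to block an upgrade on: the new implementation would interpret existing proxy storage under the wrong variable.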