Little Mandarin Chameleon

Medium

Missing gap to Avoid Storage Collisions

Summary

The contracts in scope are intended to be upgradeable smart contracts but do not declare a __gap variable. In upgradeable contracts, it's crucial to include a __gap so that storage variables added in future contract upgrades do not collide with existing storage variables. This is especially important when inheriting from multiple upgradeable contracts.

For example, the EthosAttestation contract is upgradeable without a __gap[] variable.

Root Cause

No response

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

Include a __gap as the last storage variable in all contracts that are intended to be upgradeable, to reserve space for future storage variables and prevent storage collisions. This is a common practice to ensure compatibility and avoid issues when upgrading the contract in the future.
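
The layout shift that a gap prevents, shown as an added example (not code from the audited repository): every contract and variable name below is hypothetical, and the 50-slot budget per base contract is an assumption. Each `totalDepositsSlot()` returns the slot the compiler assigned, so the two layouts can be compared after compiling.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: all contract and variable names are hypothetical.
// "V1" and "V2" are the implementations before and after an upgrade behind one proxy.

// --- No gap: the child's storage starts right after the base's last variable ---
abstract contract NoGapBaseV1 {
    address internal owner;         // slot 0
    uint256 internal feeBps;        // slot 1
}
abstract contract NoGapBaseV2 {
    address internal owner;         // slot 0
    uint256 internal feeBps;        // slot 1
    address internal feeRecipient;  // slot 2, new in V2
}
contract NoGapVaultV1 is NoGapBaseV1 {
    uint256 internal totalDeposits; // slot 2
    function totalDepositsSlot() external pure returns (uint256 s) { assembly { s := totalDeposits.slot } }
}
contract NoGapVaultV2 is NoGapBaseV2 {
    // Moved to slot 3: the value the proxy already holds at slot 2 is now read as feeRecipient.
    uint256 internal totalDeposits;
    function totalDepositsSlot() external pure returns (uint256 s) { assembly { s := totalDeposits.slot } }
}

// --- With a gap: the base always occupies 50 slots (assumed budget) ---
abstract contract GapBaseV1 {
    address internal owner;         // slot 0
    uint256 internal feeBps;        // slot 1
    uint256[48] private __gap;      // slots 2-49, declared last
}
abstract contract GapBaseV2 {
    address internal owner;         // slot 0
    uint256 internal feeBps;        // slot 1
    address internal feeRecipient;  // slot 2, taken from the old gap
    uint256[47] private __gap;      // slots 3-49, shrunk by the one slot consumed
}
contract GapVaultV1 is GapBaseV1 {
    uint256 internal totalDeposits; // slot 50
    function totalDepositsSlot() external pure returns (uint256 s) { assembly { s := totalDeposits.slot } }
}
contract GapVaultV2 is GapBaseV2 {
    uint256 internal totalDeposits; // slot 50, unchanged by the upgrade
    function totalDepositsSlot() external pure returns (uint256 s) { assembly { s := totalDeposits.slot } }
}
```

The gap only protects the layout if each upgrade reduces its length by exactly the number of slots the new variables consume; comparing the compiler's storage layout output between versions before deploying an upgrade catches a mismatch.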