parzival - Stablecoin.sol and AmirX.sol are upgradable contracts but inherit from contracts that does not have storage gap
#217
Comments
sherlock-admin3
changed the title
Stablecoin.sol and AmirX.sol are upgradable contracts but inherit from contracts that does not have storage gapStablecoin.sol and AmirX.sol are upgradable contracts but inherit from contracts that does not have storage gap
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
parzival
Medium
Stablecoin.solandAmirX.solare upgradable contracts but inherit from contracts that does not have storage gapSummary
Stablecoin.solinherits fromBlacklist.solandAmirX.solinherits fromStablecoinHandler.solboth of which contains storage variables but does not have gap variables in them. These gap variables are necessary since the contracts are intended to be upgradable and no gap can lead to storage collisions.Root Cause
In
StablecoinHandler.sol:21and[Blacklist.sol:14](https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/util/abstract/Blacklist.sol#L14)we can see storage variables being created in the parent contracts. If proper gap variables are not added then upgrading these contracts might lead to storage collisions.Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
Already explained in the Summary and root cause.
Mitigation
Add storage gaps to all inherited contracts that contain storage variables.
The text was updated successfully, but these errors were encountered: