TessKimy - Missing gap on upgradable contract #218
Comments
sherlock-admin3
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
sherlock-admin3
changed the title
TessKimy
Medium
Missing gap on upgradable contract
Summary
Missing gap on upgradable contract
Root Cause
Due to missing gap in Stablecoinhandler contract. Contract cannot be upgraded properly in future versions.
AmirX still can be upgradable using the last storage of the contract but we can't upgrade Stablecoinhandler and reflect those changes to AmirX contract. If we make any change on Stablecoinhandler, it will cause storage collusion due to improper handling.
Impact
Medium - Protocol can't upgrade Stablecoinhandler because in AmirX the state variables of the Stablecoinhandler is stored at the top of the AmirX contract and then the state variables of AmirX comes in the storage.
In conclusion, any change on Stablecoinhandler will overwrite to AmirX storage variables and the data will corrupted.
Mitigation
Add simple
__gapat the end of the state variable definitions of StablecoinhandlerThe text was updated successfully, but these errors were encountered: