search

Gravita-Protocol / Gravita-SmartContracts

GNU General Public License v3.0
48 stars 31 forks source link

[ACE-01M] Incorrect Specification of Gap #374

Closed 0xfornax closed 1 year ago

0xfornax commented 1 year ago

ACE-01M: Incorrect Specification of Gap

Type Severity Location
Standard Conformity AddressesConfigurable.sol:L33

Description:

The referenced _gap variable is meant to indicate an OpenZeppelin like variable that reserves a gap during compilation for future upgrades of the contract that may wish to utilize storage slots.

The methodology it is calculated is non-standard within the Gravita Protocol repository.

Impact:

While proper upgrades would not result in an error, the non-standard way to calculate the array's size currently employed can lead to significant data corruption if the length is improperly updated in a consequent logic update.

Example:

uint256[47] private __gap;

Recommendation:

We advise the length of the array to be calculated by subtracting the total number of storage slots reserved by the contract currently from the value of 50.

In the current instance, this would yield us 33 as the contract reserves 17 storage slots.

spider-g commented 1 year ago

Acknowledged and done, __gap was set to 33 on AddressesConfigurable.sol.