The referenced _gap variable is meant to indicate an OpenZeppelin like variable that reserves a gap during compilation for future upgrades of the contract that may wish to utilize storage slots.
The methodology it is calculated is non-standard within the Gravita Protocol repository.
Impact:
While proper upgrades would not result in an error, the non-standard way to calculate the array's size currently employed can lead to significant data corruption if the length is improperly updated in a consequent logic update.
Example:
uint256[47] private __gap;
Recommendation:
We advise the length of the array to be calculated by subtracting the total number of storage slots reserved by the contract currently from the value of 50.
In the current instance, this would yield us 33 as the contract reserves 17 storage slots.
ACE-01M: Incorrect Specification of Gap
Description:
The referenced
_gap
variable is meant to indicate an OpenZeppelin like variable that reserves a gap during compilation for future upgrades of the contract that may wish to utilize storage slots.The methodology it is calculated is non-standard within the Gravita Protocol repository.
Impact:
While proper upgrades would not result in an error, the non-standard way to calculate the array's size currently employed can lead to significant data corruption if the
length
is improperly updated in a consequent logic update.Example:
Recommendation:
We advise the
length
of the array to be calculated by subtracting the total number of storage slots reserved by the contract currently from the value of50
.In the current instance, this would yield us
33
as the contract reserves17
storage slots.