The referenced _gap variable is meant to indicate an OpenZeppelin like variable that reserves a gap during compilation for future upgrades of the contract that may wish to utilize storage slots.
The methodology it is calculated is non-standard within the Gravita Protocol repository.
Impact:
While proper upgrades would not result in an error, the non-standard way to calculate the array's size currently employed can lead to significant data corruption if the length is improperly updated in a consequent logic update.
Example:
uint256[40] private __gap;
Recommendation:
We advise the length of the array to be calculated by subtracting the total number of storage slots reserved by the contract currently from the value of 50.
In the current instance, this would yield us 50 as the contract does not reserve any storage slots (constant values are located in bytecode, not in the contract's storage space).
Acknowledged. The original Gravita mainnet deployment used a gap size of 40, reserving a space on the layout a bit smaller than the OpenZeppelin default.
AMT-01M: Incorrect Specification of Gap
Description:
The referenced
_gap
variable is meant to indicate an OpenZeppelin like variable that reserves a gap during compilation for future upgrades of the contract that may wish to utilize storage slots.The methodology it is calculated is non-standard within the Gravita Protocol repository.
Impact:
While proper upgrades would not result in an error, the non-standard way to calculate the array's size currently employed can lead to significant data corruption if the
length
is improperly updated in a consequent logic update.Example:
Recommendation:
We advise the
length
of the array to be calculated by subtracting the total number of storage slots reserved by the contract currently from the value of50
.In the current instance, this would yield us
50
as the contract does not reserve any storage slots (constant
values are located in bytecode, not in the contract's storage space).