code-423n4 / 2022-10-thegraph-findings


Missing gap variable for upgradeable base contract #301

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/upgrades/GraphUpgradeable.sol#L1-L66

Vulnerability details

Impact

Possibility of storage collisions after upgrade.

Proof of Concept

GraphUpgradeable.sol is an upgradeable base contract whose inheriting contracts may introduce new variables. In order to be able to add new variables to the upgradeable abstract contract without causing storage collisions, a storage gap should be added to the upgradeable abstract contract. If no storage gap is added, when the upgradeable abstract contract introduces new variables, it may override the variables in the inheriting contract. (For reference)

Recommended Mitigation Steps

Consider adding a storage gap at the end of the contract:

uint256[50] private __gap;
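
The layout shift this report describes can be checked before an upgrade by diffing slot assignments; the following is an added example, not code from the report or from the audited project. It assumes a simplified model in which every variable fills whole 32-byte slots (no packing), and the contract and variable names (`Base`, `Child`, `implementationVersion`, `pausedAt`) are hypothetical.

```python
# Added illustration: simplified model of Solidity's sequential storage layout.
# Assumption: every variable fills whole 32-byte slots (uint256 or uint256[N]),
# so slot packing is ignored. All contract and variable names are hypothetical.

def layout(*contracts):
    """Map 'Contract.var' -> first slot, for contracts listed base-first."""
    slots, cursor = {}, 0
    for name, variables in contracts:
        for var, size in variables:
            slots[f"{name}.{var}"] = cursor
            cursor += size
    return slots

def moved_variables(before, after):
    """Variables present in both layouts whose slot changed (collision risk)."""
    return {v: (before[v], after[v])
            for v in before if v in after and before[v] != after[v]}

CHILD = ("Child", [("owner", 1), ("balance", 1)])

# Base without a gap: V2 appends one variable.
BASE_V1 = ("Base", [("implementationVersion", 1)])
BASE_V2 = ("Base", [("implementationVersion", 1), ("pausedAt", 1)])

# Base with a gap: V2 appends the same variable and shrinks __gap by one slot.
GAP_V1 = ("Base", [("implementationVersion", 1), ("__gap", 50)])
GAP_V2 = ("Base", [("implementationVersion", 1), ("pausedAt", 1), ("__gap", 49)])

def check_upgrade(base_old, base_new, child=CHILD):
    """Return child variables that an upgrade of the base would relocate."""
    moved = moved_variables(layout(base_old, child), layout(base_new, child))
    return {v: s for v, s in moved.items() if v.startswith(child[0] + ".")}

if __name__ == "__main__":
    print("no gap  :", check_upgrade(BASE_V1, BASE_V2))
    print("with gap:", check_upgrade(GAP_V1, GAP_V2))
```

The gap only protects the inheriting contract if it is reduced by exactly the number of slots the new base variables consume; leaving it at 50 after adding a variable shifts the child's slots just as the gapless case does.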

trust1995 commented 1 year ago

Dup of #306

0xean commented 1 year ago

closing as dupe of #302 - wardens QA