Lines of code
https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/upgrades/GraphUpgradeable.sol#L1-L66
Vulnerability details
Impact
Possibility of storage collisions after upgrade.
Proof of Concept
GraphUpgradeable.sol is an upgradeable base contract whose inheriting contracts may introduce new variables. To be able to add new variables to the upgradeable abstract contract without causing storage collisions, a storage gap should be added to it. If no storage gap is added, then when the upgradeable abstract contract introduces new variables, they may overwrite the variables in the inheriting contract. (For reference)
Recommended Mitigation Steps
Consider adding a storage gap at the end of the contract:
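The sketch below is an added illustration, not code from the report or from the audited repository. It shows how slots shift when a base contract grows, first without and then with a gap. All contract and variable names are hypothetical, and the gap size of 49 is an arbitrary assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

// Hypothetical contracts: names and sizes are assumptions for illustration only.

// ---- Without a gap -------------------------------------------------------
abstract contract BaseV1 {
    address internal admin;            // slot 0
}

contract ChildOnBaseV1 is BaseV1 {
    uint256 public totalDeposits;      // slot 1 (value already stored behind the proxy)
}

// The upgraded base adds one variable.
abstract contract BaseV2 {
    address internal admin;            // slot 0
    uint256 internal feeRate;          // slot 1: aliases the old totalDeposits value
}

contract ChildOnBaseV2 is BaseV2 {
    uint256 public totalDeposits;      // slot 2: shifted, now reads unrelated storage
}

// ---- With a gap ----------------------------------------------------------
abstract contract GappedBaseV1 {
    address internal admin;            // slot 0
    uint256[49] private __gap;         // slots 1..49 reserved for future base variables
}

contract ChildOnGappedV1 is GappedBaseV1 {
    uint256 public totalDeposits;      // slot 50
}

// The upgraded base takes one slot out of the gap and shrinks the gap by one.
abstract contract GappedBaseV2 {
    address internal admin;            // slot 0
    uint256 internal feeRate;          // slot 1: previously unused gap storage
    uint256[48] private __gap;         // slots 2..49
}

contract ChildOnGappedV2 is GappedBaseV2 {
    uint256 public totalDeposits;      // slot 50: unchanged, no collision
}
```

Comparing the compiler's storage layout output (for example `solc --storage-layout`) for the old and new implementation before an upgrade confirms that no inherited variable changed slot.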