As mentioned in the contest's page, all the smart contracts are upgradeable so it is necessary to add at the end of the contracts a storage gap
storage gap is a must for upgradeable contract because it let the devs to add new state variables in the future without compromising the storage compatibility with existing deployments
To solve the issue, add uint256[50] private __gap at the end of upgradeable contracts
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/c5fdc2e62c5e1d78769f44d6e34a6fb9e40c00f0/src/LRTDepositPool.sol#L1
Vulnerability details
As mentioned in the contest's page, all the smart contracts are upgradeable so it is necessary to add at the end of the contracts a
storage gap
storage gap
is a must for upgradeable contract because it let the devs to add new state variables in the future without compromising the storage compatibility with existing deploymentsTo solve the issue, add
uint256[50] private __gap
at the end of upgradeable contractsAssessed type
Upgradable