Most.sol implements OpenZeppelin's upgradeable model, but it lacks storage gaps. To ensure the contract has storage available for new variables when upgrading, it is best practice to include an array storage variable (usually named __gap[50]) that reserves space in the contract. If no storage gap is added to an upgradeable contract, new variables can cause a storage collision, that is, overwrite the previous variables in the contract. See OpenZeppelin's documentation on storage gaps:
Storage gaps are a convention for reserving storage slots in a base contract, allowing future versions of that contract to use up those slots without affecting the storage layout of child contracts.
To create a storage gap, declare a fixed-size array in the base contract with an initial number of slots. This can be an array of uint256 so that each element reserves a 32-byte slot. Use the name __gap.
Recommendation
Consider adding __gap as a storage variable at the end of the contract. The size of __gap is usually calculated so that the storage used by the contract adds up to the same number (usually 50 storage slots).
    contract Most {
        ...
        ...
        uint256[50] public __gap;
    }
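The slot arithmetic behind this recommendation, as an added example that is not part of the original submission or of the project's code: a simplified layout model that reports which live slots get reinterpreted after an upgrade. The contract and variable names (Base, Child, total, fee, owner) are hypothetical, and every variable is assumed to occupy whole 32-byte slots with no packing.

```python
# Added example: simplified model of Solidity storage layout across an upgrade.
# Assumptions: linear inheritance (base first), no slot packing, hypothetical names.

def slot_owners(chain):
    """Return a list where index = slot number and value = variable stored there.
    chain: [(contract, [(variable, slot_count), ...]), ...] in inheritance order."""
    owners = []
    for contract, variables in chain:
        for name, size in variables:
            owners += [f"{contract}.{name}"] * size
    return owners

def collisions(v1, v2):
    """Slots holding live V1 data that V2 reads as a different variable.
    Slots that were part of a __gap in V1 hold no data, so reusing them is safe."""
    old, new = slot_owners(v1), slot_owners(v2)
    return [(slot, o, n) for slot, (o, n) in enumerate(zip(old, new))
            if o != n and not o.endswith(".__gap")]

CHILD = ("Child", [("owner", 1)])  # inherits from Base; never changes

# Base without a gap: the new variable lands on the child's slot.
NO_GAP_V1 = [("Base", [("total", 1)]), CHILD]
NO_GAP_V2 = [("Base", [("total", 1), ("fee", 1)]), CHILD]

# Base with a gap: V2 takes the new slot out of the gap (50 -> 49).
GAP_V1 = [("Base", [("total", 1), ("__gap", 50)]), CHILD]
GAP_V2 = [("Base", [("total", 1), ("fee", 1), ("__gap", 49)]), CHILD]

# Failure mode: variable added but the gap was not shrunk, so the child shifts.
GAP_STALE_V2 = [("Base", [("total", 1), ("fee", 1), ("__gap", 50)]), CHILD]

if __name__ == "__main__":
    print("no gap:     ", collisions(NO_GAP_V1, NO_GAP_V2))
    print("gap shrunk: ", collisions(GAP_V1, GAP_V2))
    print("gap stale:  ", collisions(GAP_V1, GAP_STALE_V2))
```

The third case shows why the gap size has to be reduced by the number of slots each new variable consumes: a gap that stays at 50 after adding a variable moves the child's data just as a missing gap does.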
Github username: @0xfuje
Twitter username: 0xfuje
Submission hash (on-chain): 0x0cc5d64fcb1309e8ea2a654336ebcb870e364cc55ea00ec7eed9ab765aec8c5b
Severity: low