hats-finance / Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0

Proof of Humanity Protocol v2

Storage Corruption in `ProofOfHumanityExtended` #151

Open hats-bug-reporter[bot] opened 2 months ago

hats-bug-reporter[bot] commented 2 months ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x7322f18f364b9c5e527d52b2e62f41bb85977eb6c8b22eb1309526cfd6888ae7
Severity: medium

Description:

The ProofOfHumanityExtended contract inherits from the ForkModule contract. However, the ForkModule contract does not implement a storage gap, which can lead to storage corruption during future upgrades. This issue arises because adding new state variables in the ProofOfHumanityExtended contract or any other contract inheriting from ForkModule can misalign the storage layout, leading to corrupted state variables.

In Solidity, when using the upgradability pattern, it is crucial to ensure that the storage layout of the contract remains consistent across upgrades. If the storage layout changes, it can lead to corrupted state variables, which can have severe consequences for the contract's functionality and security.

Similar issue: https://github.com/sherlock-audit/2024-05-midas-judging/issues/109

Attack Scenario:

Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

https://github.com/hats-finance/Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0/blob/master/contracts/extending-old/ProofOfHumanityExtended.sol

https://github.com/hats-finance/Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0/blob/master/contracts/extending-old/ForkModule.sol

  2. Revised Code File (Optional)

Add gaps for non-pure-function contracts, i.e. ForkModule.sol
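The general mechanism the report describes, as an added example that is not part of the issue thread or the project's code: a simplified Python model of Solidity's slot assignment that shows how a new variable in a base contract shifts a derived contract's slots, and how shrinking a `__gap` array by the same amount keeps them in place. `Base`, `Derived` and their variables are hypothetical, and the model covers only value types, mappings and fixed `uint256` arrays.

```python
# Added illustration: simplified model of Solidity storage layout.
# All contract and variable names below are hypothetical (constructed sample).
SIZES = {"uint256": 32, "address": 20, "uint64": 8, "bool": 1, "mapping": 32}

def layout(contracts):
    """contracts: list of (name, [(var, type), ...]) ordered base -> derived.
    Returns {"Contract.var": (slot, byte_offset)}."""
    slots, slot, offset = {}, 0, 0
    for cname, variables in contracts:
        for var, typ in variables:
            if typ.startswith("uint256["):       # fixed array: starts a fresh slot
                n = int(typ[len("uint256["):-1])
                if offset:
                    slot, offset = slot + 1, 0
                slots[f"{cname}.{var}"] = (slot, 0)
                slot += n                        # occupies n whole slots
                continue
            size = SIZES[typ]
            if offset + size > 32:               # does not fit: move to next slot
                slot, offset = slot + 1, 0
            slots[f"{cname}.{var}"] = (slot, offset)
            offset += size
            if offset == 32:
                slot, offset = slot + 1, 0
    return slots

def moved(old, new):
    """Variables (gap excluded) whose slot or offset changed across an upgrade."""
    return sorted(k for k in old
                  if k in new and old[k] != new[k] and not k.endswith(".__gap"))

DERIVED = ("Derived", [("total", "uint256"), ("balances", "mapping")])
BASE_V1 = ("Base", [("owner", "address"), ("paused", "bool")])
BASE_V2 = ("Base", BASE_V1[1] + [("limit", "uint256")])        # upgrade adds a variable
BASE_V1_GAP = ("Base", BASE_V1[1] + [("__gap", "uint256[50]")])
BASE_V2_GAP = ("Base", BASE_V2[1] + [("__gap", "uint256[49]")])  # gap shrunk by one slot

def compare(base_old, base_new):
    """Derived-contract variables displaced by upgrading the base contract."""
    return moved(layout([base_old, DERIVED]), layout([base_new, DERIVED]))

if __name__ == "__main__":
    print("without gap:", compare(BASE_V1, BASE_V2))
    print("with gap:   ", compare(BASE_V1_GAP, BASE_V2_GAP))
```

Running the same comparison over the real layouts of two implementation versions, before deploying an upgrade, flags any variable that would read another variable's data.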

clesaege commented 2 months ago

> The ProofOfHumanityExtended contract inherits from the ForkModule contract.

This is not true.