Open hats-bug-reporter[bot] opened 12 months ago
Thank you for your submission. The upgradeabiliy of module contract is not intended to be invoked when adding new variables. However, this generic recommandation is valid, thus still accept as valid submission
Github username: @jonsey Submission hash (on-chain): 0x42758020f253bfa1df3b931feff54de329f8ed59862bbcca93e060db48a21915 Severity: medium
Description:
Description
Storage gaps are a convention for reserving storage slots in a base contract, allowing future versions of that contract to use up those slots without affecting the storage layout of child contracts.
The existing
HoprNodeManagementModule
is a child module ofSimplifiedModule
, which inherits fromOwnableUpgradeable
. The critical issue here is that there is no storage gap defined inSimplifiedModule
. This means that if an upgrade toSimplifiedModule
occurs at any point, and a new variable is added, the variableaddress public multisend;
could be overwritten. Such an event could have severe implications for the protocol's integrity.Openzeppelin Storgae Gaps recommendation
Recommendation
Add an appropriate storage gap at the end of
SimplifiedModule
as recommended by openzeppelin in this link Openzeppelin Storgae Gaps recommendation