UPGRADEABLE CONTRACT IS MISSING A __GAP[50] STORAGE VARIABLE TO ALLOW FOR NEW STORAGE VARIABLES IN LATER VERSIONS
Summary
See this link for a description of this storage variable. While some contracts may not currently be sub-classed, adding the variable now protects against forgetting to add it in the future.
Vulnerability Detail
See this link for a description of this storage variable. While some contracts may not currently be sub-classed, adding the variable now protects against forgetting to add it in the future.
Impact
See this link for a description of this storage variable. While some contracts may not currently be sub-classed, adding the variable now protects against forgetting to add it in the future.
contract HardenedTopupProxy is AccessControlUpgradeable, SafeAllowanceResetUpgradeable {
using SafeMathUpgradeable for uint256;
using SafeERC20Upgradeable for IERC20Upgradeable;
using AddressUpgradeable for address payable;
using RLPReader for RLPReader.RLPItem;
using RLPReader for bytes;
using ByteUtil for bytes;
contract ContractWhitelist is AccessControlUpgradeable, IContractWhitelist {
mapping(address => bool) whitelist;
// events to track adding or removing items (should be monitored by security backend)
event AddedToWhitelist(address indexed targetAddress);
event RemovedFromWhitelist(address indexed targetAddress);
// this contract uses role-based access, so init the default admin role to the
// contract creator. this is high-privileged role and should be protected
function initialize() public initializer {
_setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
}
Tool used
Manual Review
Recommendation
uint256[50] __gap; // gap to reserve storage in the contract for future variable additions
8olidity
medium
UPGRADEABLE CONTRACT IS MISSING A __GAP[50] STORAGE VARIABLE TO ALLOW FOR NEW STORAGE VARIABLES IN LATER VERSIONS
Summary
See this link for a description of this storage variable. While some contracts may not currently be sub-classed, adding the variable now protects against forgetting to add it in the future.
Vulnerability Detail
See this link for a description of this storage variable. While some contracts may not currently be sub-classed, adding the variable now protects against forgetting to add it in the future.
Impact
See this link for a description of this storage variable. While some contracts may not currently be sub-classed, adding the variable now protects against forgetting to add it in the future.
Code Snippet
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L68 https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/ContractWhitelist.sol#L16
Tool used
Manual Review
Recommendation
Duplicate of #17