serial-coder
medium
Adding storage gaps for future version upgrades
Summary
The OrderProcessor and BuyOrderIssuer are base contracts of other child contracts. They should add storage gaps, guaranteeing their future versions (OrderProcessor and BuyOrderIssuer) will be upgradeable without conflicting with the storage layout of child contracts.
Vulnerability Detail
The OrderProcessor is a base contract of:
- BuyOrderIssuer child contract
- DirectBuyIssuer child contract
- SellOrderProcessor child contract
Whereas the BuyOrderIssuer can be a base contract of the DirectBuyIssuer child contract.
Impact
Without adding the storage gaps in advance, the future version upgrades of the OrderProcessor and BuyOrderIssuer may conflict with the storage layout of the child contracts.
Subsequently, the platform's contracts may not be upgradeable as planned.
Code Snippet
OrderProcessor: https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/OrderProcessor.sol#L37
BuyOrderIssuer: https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/BuyOrderIssuer.sol#L16
DirectBuyIssuer: https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/DirectBuyIssuer.sol#L28
SellOrderProcessor: https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/SellOrderProcessor.sol#L17
Tool used
Manual Review
Recommendation
Recommend adding storage gaps to the OrderProcessor and BuyOrderIssuer base contracts to guarantee future version upgrades as expected.
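The layout conflict and the recommended gap, as an added sketch that is not code from the audited repository. All contract and variable names are hypothetical and the state is simplified; the gap follows the common convention of a reserved fixed-size array that shrinks by one slot for each variable a later base version adds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: names and state variables are hypothetical, not the audited code.
// Slot numbers assume these contracts are the only ones in the inheritance chain.

// Without a gap: V1 base, and the child that extends it.
abstract contract BaseNoGapV1 {
    address public treasury;      // slot 0
    uint256 public numOpenOrders; // slot 1
}
contract ChildNoGapV1 is BaseNoGapV1 {
    uint256 public childFee;      // slot 2
}

// Upgrading the base appends a variable and shifts every child slot by one.
abstract contract BaseNoGapV2 {
    address public treasury;      // slot 0
    uint256 public numOpenOrders; // slot 1
    uint256 public newLimit;      // slot 2: reads the value stored as childFee
}
contract ChildNoGapV2 is BaseNoGapV2 {
    uint256 public childFee;      // slot 3: previously unused storage, reads 0
}

// With a gap: the base reserves slots 2..49 for its own future variables.
abstract contract BaseWithGapV1 {
    address public treasury;      // slot 0
    uint256 public numOpenOrders; // slot 1
    uint256[48] private __gap;    // slots 2..49, reserved
}
contract ChildWithGapV1 is BaseWithGapV1 {
    uint256 public childFee;      // slot 50
}

// The new base variable takes the first reserved slot and the gap shrinks by one,
// so the base still ends at slot 49 and the child layout does not move.
abstract contract BaseWithGapV2 {
    address public treasury;      // slot 0
    uint256 public numOpenOrders; // slot 1
    uint256 public newLimit;      // slot 2, taken from the gap
    uint256[47] private __gap;    // slots 3..49, reserved
}
contract ChildWithGapV2 is BaseWithGapV2 {
    uint256 public childFee;      // slot 50, unchanged
}
```

The slot comments can be checked against the compiler's own view by comparing the `storageLayout` output of the V1 and V2 child contracts before an upgrade is deployed.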