Closed sherlock-admin closed 7 months ago
3 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Low. "Storage Slot Collision issue" is Low according to the Sherlock documentation
PNS commented:
Simple contracts with one of the parent contract not implementing storage gaps are considered low/informational.
0xAadi commented:
Invalid: OOS
blutorque
medium
No storage gap for upgradeable contracts
Summary
GladiusReactor.sol is an upgradeable contract intended to be used with proxy, but have missing storage gaps. Any new variable introduced in a parent contract, can potentially overwrite the beginning of storage layout of the child contract, leading to critical misfortunes.
Vulnerability Detail
See summary.
Impact
broken state machine, can't use anymore
Code Snippet
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/11cac67919e8a1303b3a3177291b88c0c70bf03b/gladius-contracts-internal/src/reactors/GladiusReactor.sol#L18 https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/11cac67919e8a1303b3a3177291b88c0c70bf03b/gladius-contracts-internal/src/reactors/BaseGladiusReactor.sol#L19-L24
Tool used
Manual Review
Recommendation
It is recommended to add below in the end of upgradeable contracts.