search

sherlock-audit / 2024-03-nouns-dao-2-judging

1 stars 0 forks source link

bareli - Storage collision #45

Closed sherlock-admin4 closed 4 months ago

sherlock-admin4 commented 4 months ago

bareli

medium

Storage collision

Summary

Using the same startSlot for both old and new layouts may lead to storage collisions.

Vulnerability Detail

function _oldLayout() internal pure returns (OldLayout storage layout) { assembly { @> layout.slot := startSlot.slot } }

function _newLayout() internal pure returns (NewLayout storage layout) {
    assembly {
@>        layout.slot := startSlot.slot
    }
}

Impact

Using the same startSlot for both old and new layouts may lead to storage collisions.

Code Snippet

https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/NounsAuctionHousePreV2Migration.sol#L86

Tool used

Manual Review

Recommendation

Using the different startSlot for both old and new layouts

sherlock-admin2 commented 4 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

looks quite intended tbh; how it can cause storage collision specifically