Upgradeable contracts should derive from openzeppelin upgradeable library only as best practice
Summary
To avoid any storage layout related conflict, the Upgradeable should derive from openzeppelin upgradeable library contract only, not the other standard library. MlumStaking contract derives from ReentrancyGuard which does not follow the best practices.
Vulnerability Detail
MlumStaking contract derives from ReentrancyGuard which is not part of openzeppelin upgradeable library contracts.
contract MlumStaking is
Ownable2StepUpgradeable,
==>ReentrancyGuard, // @audit - should use upgradable version
IMlumStaking,
ERC721Upgradeable,
ERC721EnumerableUpgradeable
{
using EnumerableSet for EnumerableSet.AddressSet;
using SafeERC20 for IERC20;
Tool used
Manual Review
Recommendation
The recommendation is to use the version from upgradeable library.
Tricky Pebble Dachshund
Low/Info
Upgradeable contracts should derive from openzeppelin upgradeable library only as best practice
Summary
To avoid any storage layout related conflict, the Upgradeable should derive from
openzeppelin upgradeable
library contract only, not the other standard library.MlumStaking
contract derives fromReentrancyGuard
which does not follow the best practices.Vulnerability Detail
MlumStaking
contract derives fromReentrancyGuard
which is not part ofopenzeppelin upgradeable
library contracts.Impact
No Impact in this context.
Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L31-L40
Tool used
Manual Review
Recommendation
The recommendation is to use the version from upgradeable library.
openzeppelin-contracts-upgradeable