sherlock-audit / 2024-06-magicsea-judging


Elegant Vanilla Crane - Corruptible Upgradeability Pattern #717

Closed sherlock-admin2 closed 2 months ago

sherlock-admin2 commented 2 months ago

Elegant Vanilla Crane

Low/Info

Corruptible Upgradeability Pattern

Summary

Storage of MasterChefRewarder.sol contract might be corrupted during an upgrade.

Vulnerability Detail

Following is the inheritance structure of the MasterChefRewarder contract:

Note: Orange means that we do not have storage gaps.

graph BT;
    classDef nogap fill:#f96;
    classDef hasgap fill:#99cc00;
    MasterChefRewarder:::nogap-->BaseRewarder:::nogap

The above shown contract is meant to be upgradeable. However, the child and parent class are not designed to be upgrade-safe. From the other contracts in scope (Voter, MlumStaking and MasterchefV2) we can see that the protocol team has thought about proper upgradeability patterns by adding storage gaps:

https://github.com/sherlock-audit/2024-06-magicsea-Welith/blob/6dea5bf6194b02d0ba0dd4ae9f31bceb7aebb20d/magicsea-staking/src/Voter.sol#L82

https://github.com/sherlock-audit/2024-06-magicsea-Welith/blob/6dea5bf6194b02d0ba0dd4ae9f31bceb7aebb20d/magicsea-staking/src/MlumStaking.sol#L80

https://github.com/sherlock-audit/2024-06-magicsea-Welith/blob/6dea5bf6194b02d0ba0dd4ae9f31bceb7aebb20d/magicsea-staking/src/MasterchefV2.sol#L59

However, this has not been done for the MasterChefRewarder contract. This means that the storage layout of the contract might be corrupted during an upgrade. Without gaps, adding new storage variables to any of these contracts can potentially overwrite the beginning of the storage layout of the child contract, causing critical misbehaviors in the system.

Impact

Storage of MasterChefRewarder.sol contract might be corrupted during an upgrade.

Code snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/BaseRewarder.sol#L15

https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/MasterChefRewarder.sol#L14

Tool used

Manual Review

Recommendation

Add gaps for non pure-function contracts: BaseRewarder.sol and MasterChefRewarder.sol.
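
The slot shift described in the report, as an added example that is not part of the original issue or the MagicSea code base: a small Python model of Solidity's sequential storage layout, run over a parent/child pair before and after the parent gains one state variable, with and without a `uint256[50] __gap`. The contract names `Base` and `Child` and every variable name and size are hypothetical.

```python
# Added illustration: a constructed model of Solidity's sequential storage layout.
# Contract and variable names are hypothetical, not taken from the MagicSea code.

def layout(chain):
    """chain: [(contract, [(var, size_bytes), ...]), ...], base-most contract first.
    Value types pack into 32-byte slots; a static uint256[n] is given as 32 * n bytes."""
    slot, off, out = 0, 0, {}
    for contract, variables in chain:
        for name, size in variables:
            if off and off + size > 32:      # does not fit: start a new slot
                slot, off = slot + 1, 0
            out[f"{contract}.{name}"] = (slot, off)
            if size >= 32:                   # full-slot value or static array
                slot, off = slot + size // 32, 0
            else:
                off += size
    return out

def moved(before, after):
    """Variables present in both versions whose (slot, offset) changed."""
    return [v for v in before
            if v in after and before[v] != after[v] and not v.endswith("__gap")]

BASE_V1 = [("token", 20), ("isStopped", 1), ("totalRewards", 32)]
NEW_VAR = ("endTimestamp", 32)               # state variable added by the upgrade
CHILD = [("status", 1), ("pid", 32)]

def upgrade_diff(with_gap):
    """Append NEW_VAR to the parent and report which variables changed position."""
    gap_v1 = [("__gap", 32 * 50)] if with_gap else []   # uint256[50] __gap
    gap_v2 = [("__gap", 32 * 49)] if with_gap else []   # shrunk by the one slot used
    v1 = layout([("Base", BASE_V1 + gap_v1), ("Child", CHILD)])
    v2 = layout([("Base", BASE_V1 + [NEW_VAR] + gap_v2), ("Child", CHILD)])
    return moved(v1, v2)

if __name__ == "__main__":
    print("no gap  :", upgrade_diff(False))  # child variables shift by one slot
    print("with gap:", upgrade_diff(True))   # nothing the proxy already stores moves
```

For real contracts the authoritative layout comes from the compiler (for example `solc --storage-layout`), and the two versions' outputs can be compared in the same way before an upgrade is deployed.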