Authorized updates will not tracked over some version field
Summary
Constants in the Nst contract cannot be changed across authorized upgrades using UUPSUpgradeable.
Vulnerability Detail
The Nst contract defines several constants, including name, symbol, version, and decimals. These constants are embedded in the contract's bytecode and cannot be modified through UUPS upgrades.
Impact
This limitation prevents the contract from adapting showing the current updated version of the contract. Indeed the version constant will be remain the same over UUPS upgrades, leading to new "versions" but not an update on the value meaning it won't reflect new contract versions updates.
string public constant name = "Nst Stablecoin";
string public constant symbol = "NST";
@> string public constant version = "1";
uint8 public constant decimals = 18;
Tool used
Manual Review
Recommendation
Convert constants that may need to change in the future to state variables. Initialize them in the initialize() function and update them in upgrade functions as needed.
Interesting Blood Aardvark
Low/Info
Authorized updates will not tracked over some version field
Summary
Constants in the Nst contract cannot be changed across authorized upgrades using UUPSUpgradeable.
Vulnerability Detail
The Nst contract defines several constants, including
name
,symbol
,version
, anddecimals
. These constants are embedded in the contract's bytecode and cannot be modified through UUPS upgrades.Impact
This limitation prevents the contract from adapting showing the current updated version of the contract. Indeed the
version
constant will be remain the same over UUPS upgrades, leading to new "versions" but not an update on the value meaning it won't reflect new contract versions updates.Code Snippet
Nst.sol
Tool used
Manual Review
Recommendation
Convert constants that may need to change in the future to state variables. Initialize them in the
initialize()
function and update them in upgrade functions as needed.