Incorrect DECIMALS_SLOT Hash Definition Leading to Potential Storage Collision
Summary
The DECIMALS_SLOT storage slot in the Stablecoin contract is assigned an incorrect hash that does not match the EIP-1967 standard for upgradeable contract storage. This incorrect hash increases the risk of storage collisions, potentially allowing unintended overwrites of critical data.
Root Cause
In Stablecoin.sol: 27, the DECIMALS_SLOT constant is defined with the hash: 0x86386409a65c1a7f963bc51852fa7ecbdb9cad2cec464de22ee4591e1622b46b
However, this value does not follow the standard keccak256(abi.encode(uint256(keccak256("eip1967.telcoin.Stablecoin.decimals")) - 1)), leading to a discrepancy that can cause issues in compatibility and storage integrity.
Actual output is 0x3180a3dfcdfc538aa1917c4a68d1be05fe5a8b984d16f8efa5f8f5e978f9d8cd
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
During contract upgrades or interactions with storage, the contract might use a different, standard-compliant hash for DECIMALS_SLOT.
This discrepancy could cause the system to read from or write to unintended storage slots, resulting in data corruption, unexpected behavior, or potential overwrites of critical data.
Impact
Using a non-standard storage slot increases the risk of storage collision, which could lead to data corruption or unintended storage overwrites, impacting the stability and predictability of the contract's behavior.
PoC
No response
Mitigation
Ensure DECIMALS_SLOT follows the standard format using keccak256(abi.encode(uint256(keccak256("eip1967.telcoin.Stablecoin.decimals")) - 1)) to maintain compatibility and prevent potential storage collisions.
0xmujahid002
High
Incorrect
DECIMALS_SLOTHash Definition Leading to Potential Storage CollisionSummary
The
DECIMALS_SLOTstorage slot in the Stablecoin contract is assigned an incorrect hash that does not match the EIP-1967 standard for upgradeable contract storage. This incorrect hash increases the risk of storage collisions, potentially allowing unintended overwrites of critical data.Root Cause
In Stablecoin.sol: 27, the
DECIMALS_SLOTconstant is defined with the hash:0x86386409a65c1a7f963bc51852fa7ecbdb9cad2cec464de22ee4591e1622b46bHowever, this value does not follow the standard
keccak256(abi.encode(uint256(keccak256("eip1967.telcoin.Stablecoin.decimals")) - 1)), leading to a discrepancy that can cause issues in compatibility and storage integrity.Actual output is
0x3180a3dfcdfc538aa1917c4a68d1be05fe5a8b984d16f8efa5f8f5e978f9d8cdInternal pre-conditions
No response
External pre-conditions
No response
Attack Path
DECIMALS_SLOT.Impact
Using a non-standard storage slot increases the risk of storage collision, which could lead to data corruption or unintended storage overwrites, impacting the stability and predictability of the contract's behavior.
PoC
No response
Mitigation
Ensure
DECIMALS_SLOTfollows the standard format usingkeccak256(abi.encode(uint256(keccak256("eip1967.telcoin.Stablecoin.decimals")) - 1))to maintain compatibility and prevent potential storage collisions.