The contracts use multiple storage slots and inheritance, which could lead to storage collisions if not properly managed during upgrades or if storage gaps aren't properly maintained.
Internal pre-conditions
Contract must be upgraded
New implementation must modify storage layout
Multiple inherited contracts must access storage
External pre-conditions
No response
Attack Path
If an upgrade introduces new storage variables without proper spacing
Storage slots could collide with existing ones from inherited contracts
Impact
Data corruption
Breaking of contract functionality
PoC
No response
Mitigation
Add explicit storage gaps in all upgradeable contracts
0xsalami
Medium
Storage collision risk in upgradeable contracts
Summary
While the contracts use ERC-7201 storage layout, there are potential risks in the storage handling across the inheritance chain and upgrades.
Root Cause
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/util/abstract/Blacklist.sol#L19-L20
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/StablecoinHandler.sol#L57-L58
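The two layouts this finding contrasts, as an added example that is not part of the original submission or the audited code: a linear-layout base contract that keeps a storage gap across an upgrade, and an ERC-7201 namespaced struct. All contract, variable and namespace names here (LinearBaseV1, LinearBaseV2, NamespacedBase, feeBps, "example.blacklist") are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contracts for illustration; not taken from the audited repository.

// Linear layout: state variables occupy slots 0, 1, 2, ... in inheritance order,
// so a base contract reserves spare slots for variables added in later versions.
abstract contract LinearBaseV1 {
    address internal admin;      // slot 0
    uint256[49] private __gap;   // slots 1..49 reserved
}

// Upgrade-safe V2 of the same base: the new variable takes the first reserved
// slot and the gap shrinks by one, so the base still spans 50 slots and every
// variable declared by child contracts keeps its original slot.
abstract contract LinearBaseV2 {
    address internal admin;      // slot 0 (unchanged)
    uint256 internal feeBps;     // slot 1 (was __gap[0])
    uint256[48] private __gap;   // slots 2..49 reserved
}

// ERC-7201 layout: all state lives in one struct rooted at a slot derived from
// a namespace id, far away from the low linear slots of parents and children.
abstract contract NamespacedBase {
    /// @custom:storage-location erc7201:example.blacklist
    struct BlacklistStorage {
        mapping(address => bool) blacklisted;
        // New fields are only ever appended here; existing ones are never
        // reordered, retyped or removed.
    }

    // ERC-7201: keccak256(abi.encode(uint256(keccak256(id)) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant BLACKLIST_SLOT =
        keccak256(abi.encode(uint256(keccak256("example.blacklist")) - 1)) &
            ~bytes32(uint256(0xff));

    function _blacklistStorage() private pure returns (BlacklistStorage storage $) {
        bytes32 slot = BLACKLIST_SLOT; // assembly needs a local, not a computed constant
        assembly {
            $.slot := slot
        }
    }

    function isBlacklisted(address user) public view returns (bool) {
        return _blacklistStorage().blacklisted[user];
    }
}
```

Inserting feeBps in LinearBaseV2 without shrinking the gap would shift every child variable by one slot, which is the collision described under Attack Path.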