Stablecoin.sol and AmirX.sol are upgradable contracts but inherit from contracts that does not have storage gap
Summary
Stablecoin.sol inherits from Blacklist.sol and AmirX.sol inherits from StablecoinHandler.sol both of which contains storage variables but does not have gap variables in them. These gap variables are necessary since the contracts are intended to be upgradable and no gap can lead to storage collisions.
Root Cause
In StablecoinHandler.sol:21 and [Blacklist.sol:14](https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/util/abstract/Blacklist.sol#L14) we can see storage variables being created in the parent contracts. If proper gap variables are not added then upgrading these contracts might lead to storage collisions.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
Already explained in the Summary and root cause.
Mitigation
Add storage gaps to all inherited contracts that contain storage variables.
parzival
Medium
Stablecoin.solandAmirX.solare upgradable contracts but inherit from contracts that does not have storage gapSummary
Stablecoin.solinherits fromBlacklist.solandAmirX.solinherits fromStablecoinHandler.solboth of which contains storage variables but does not have gap variables in them. These gap variables are necessary since the contracts are intended to be upgradable and no gap can lead to storage collisions.Root Cause
In
StablecoinHandler.sol:21and[Blacklist.sol:14](https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/util/abstract/Blacklist.sol#L14)we can see storage variables being created in the parent contracts. If proper gap variables are not added then upgrading these contracts might lead to storage collisions.Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
Already explained in the Summary and root cause.
Mitigation
Add storage gaps to all inherited contracts that contain storage variables.