Storage Collision

From WEB3 Vulnerapedia
Jump to navigation Jump to search

Storage Collision is a class of vulnerabilities, the main cause of which is the usage of the same storage slot for different logical components of a smart contract. A more narrow definition is a storage collision between Proxy and Implementation.

Example

Remedy Invitational Challenge[1]

A storage collision vulnerability was the solution to the challenge. You can try to solve it yourself or see the write-ups here or here.

M-05 from Alchemix contest on Code4rena[2]

The lack of a storage gap was judged as a valid Medium in the contest. The contract system didn't implement additional reserved places for future variables in the base contracts, which could lead to a storage collision during an upgrade. It is important to note that this type of vulnerability can now often be found by automatic tooling.