Storage Collision

From WEB3 Vulnerapedia
Jump to navigation Jump to search

Storage Collision is a class of vulnerabilities, the main cause of which is the usage of the same storage slot for different logical components of a smart contract. A more narrow definition is a storage collision between Proxy and Implementation.

Example

Remedy Invitational Challenge[1]

A storage collision vulnerability was the solution to the challenge. You can try to solve it yourself or see the write-ups here or here.

M-05 from Alchemix contest on Code4rena[2]

The lack of a storage gap was judged as a valid Medium in the contest. The contract system didn't implement additional reserved places for future variables in the base contracts, which could lead to a storage collision during an upgrade. It is important to note that this type of vulnerability can now often be found by automatic tooling.

  1. https://github.com/Hexens/remedy-invitational-challenge
  2. https://github.com/code-423n4/2022-05-alchemix-findings/issues/44
Retrieved from "https://wiki.r.security/w/index.php?title=Storage_Collision&oldid=1231"