Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detector idea: flag storage slot usage if contract is upgradeable #2591

Open
bsamuels453 opened this issue Oct 15, 2024 · 1 comment
Open

Detector idea: flag storage slot usage if contract is upgradeable #2591

bsamuels453 opened this issue Oct 15, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@bsamuels453
Copy link
Contributor

Describe the desired feature

The idea here is that using EIP-7201 should be the recommended best-practice way of managing contract storage of upgradeable contracts. We can push best practice by flagging a finding on upgradeable contracts that store variables in the storage slots at the beginning of the contract (ex: variables listed in slither --print variable-order)

Upgradeable contracts can be vaguely identified by the presence of an initialize() function. This would limit false positives to factory-deployed contracts, confidence medium.

We can get better results by checking for inheritance of OZ's UUPSUpgradeable or similar contracts, confidence high.

Severity medium imo, but open to thoughts
@bsamuels453 bsamuels453 added the enhancement New feature or request label Oct 15, 2024
@bsamuels453
Copy link
Contributor Author

solc is gonna add this eip as a first class feature which will simplify this detector a bit: ethereum/solidity#597 (comment)

This was referenced Nov 1, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bsamuels453 and others