Proxy Storage Collision

Description

A proxy contract declares a state variable that may override a storage slot of the implementation contract, potentially leading to unintended behavior or security vulnerabilities.

Examples

Insecure Code

solidity

contract MyContract is UpgradeabilityProxy { uint256 public myVar; }

Secure Code

solidity

contract MyContract is UpgradeabilityProxy { uint256 public immutable myVar; }

Remediation

Use the `immutable` or `constant` keyword for state variables that should not be overridden, or ensure that the state variable names do not collide with those in the implementation contract.

Rule Details

Field	Value
ID	CODE-0096
Category	InsecureConfig
Severity	HIGH
CWE	CWE-787
Confidence	HIGH
Impact	HIGH
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	smart contract, proxy contract, storage collision
OWASP	N/A

References

https://blog.audius.co/article/audius-governance-takeover-post-mortem-7-23-22

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Proxy Storage Collision

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Proxy Storage Collision ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Proxy Storage Collision

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References