F-2024-0003·storage-layout

Lack of storage gaps in SelectivePausableUpgradable contract for future upgrades

Acknowledgedbridgenearrainbow-bridgegithub.com/Near-One/rainbow-token-connector
TL;DR

SelectivePausableUpgradable is upgradeable but lacks reserved storage gaps; new variables added in future upgrades may collide with derived-contract state.

Severity
LOW
Impact
LOW
Likelihood
LOW
Method
MManual review
CAT.
Complexity
MEDIUM
Exploitability
LOW
02Section · Description

Description

The SelectivePausableUpgradable contract is designed to be upgradeable but currently lacks storage gaps. Storage gaps are unused storage slots that can be reserved for future state variables. Without these gaps, any new variables added in future upgrades will collide with existing storage variables in the parent contract.

03Section · Impact

Impact

The absence of storage gaps in the SelectivePausableUpgradable contract can lead to storage collisions with the parent contract if new state variables are added in future upgrades.

04Section · Recommendation

Recommendation

Introduce storage gaps in the SelectivePausableUpgradable contract to reserve space for future state variables. This will ensure that new variables can be added safely without causing storage collisions. The implementation can be updated as follows:

solidity
abstract contract SelectivePausableUpgradable is Initializable, ContextUpgradeable {
    ...
    // Reserved storage slots to allow for layout changes in the future.
    uint256[50] private __gap;
}
05Section · Resolution

Resolution

Acknowledged.

ZEALYNX SECURITY · published 2024-06-03
F-2024-0003

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx