Fast Khaki Raccoon
Medium
DecentralizedIndex is an abstract contract with storage variables
abstract contract DecentralizedIndex is Initializable, ERC20Upgradeable, ERC20PermitUpgradeable, IDecentralizedIndex {
using SafeERC20 for IERC20;
uint16 constant DEN = 10000; // 10K
uint8 constant SWAP_DELAY = 20; // seconds
IProtocolFeeRouter PROTOCOL_FEE_ROUTER;
IRewardsWhitelister REWARDS_WHITELIST;
IDexAdapter public override DEX_HANDLER;
IV3TwapUtilities V3_TWAP_UTILS;
uint256 public FLASH_FEE_AMOUNT_DAI; // 10 DAI
address public PAIRED_LP_TOKEN;
address CREATOR;
address V2_ROUTER;
address V3_ROUTER;
address DAI;
address WETH;
address V2_POOL;that is implemented in WeightedIndex, which also has values
contract WeightedIndex is Initializable, IInitializeSelector, DecentralizedIndex {
using SafeERC20 for IERC20;
uint256 private _totalWeights;
Both contracts are upgradable in mind, which can be seen from bot of them having initialize and inheriting upgradable contracts.
However if DecentralizedIndex gets upgraded it's storage would clash with WeightedIndex bricking both contracts and costing all of the funds inside WeightedIndex.
Note that this can be spotted in other places around the codebase.
DecentralizedIndex missing a gap, while having upgradability in mind.
No response
No response
DecentralizedIndexis upgraded and 1 new variable is introduced- Storage clashes with
WeightedIndex, causing the whole contract to be inoperable - All funds are lost
If DecentralizedIndex gets upgraded it's storage would clash with WeightedIndex bricking both contracts and costing all of the funds inside WeightedIndex.
No response
Implement gap[50]