Scrawny Sapphire Baboon
High
The contract ERC2771ContextUpgradeable is derived from OpenZeppelin's ERC2771ContextUpgradeable library. It has been modified by removing the storage gap typically reserved at the end of the contract. This modification deviates from OpenZeppelin's standard practice for upgradeable contracts.
OpenZeppelin's ContextUpgradeable and ERC2771ContextUpgradeable typically include a storage gap (uint256[50] private __gap;) to reserve space for future variables. The storage gap ensures compatibility and flexibility for adding new variables in future versions of the contract. In the provided implementation, the storage gap has been deliberately removed, as indicated by the comment: "This is modified from the OZ library to remove the gap of storage variables at the end."
The _trustedForwarder variable is declared as immutable (address private immutable _trustedForwarder), which means its value is fixed at deployment and does not occupy storage in the contract's storage layout. https://github.com/sherlock-audit/2024-11-teller-finance-update/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/ERC2771ContextUpgradeable.sol#L1-L64
No response
No response
No response
Potential Impact Upgrade Compatibility Issues:
If this contract or any derived contracts need to be upgraded, new storage variables cannot be safely added to the contract. Adding storage variables to the contract's layout will overwrite existing storage slots, potentially corrupting data and rendering the contract non-functional or insecure. The removal of the storage gap deviates from OpenZeppelin's upgradeable contract design, reducing flexibility for future enhancements or bug fixes. This increases the likelihood of human error during contract upgrades, especially when adding new variables. The immutable _trustedForwarder cannot be changed or adjusted after deployment, which might limit adaptability to changes in the system's forwarder logic or address.
No response
uint256[50] private __gap;