Storage-layout collision risk across upgrades
Midas's assessment for RD-F-142 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Sherlock 2024-08 finding M-4: 'Corruptible Upgradability Pattern — Pausable, Greenlistable, Blacklistable, WithSanctionsList, CustomAggregatorV3CompatibleFeed lack __gap storage slots.' Status: Fixed (PR #64). The Dec-2025 Issuance Vault (0xC8AF8477) was deployed after this fix, which provides moderate assurance. However, the repository is private, which prevents independent verification that all gap slots were added correctly across the full inheritance chain. Minor residual uncertainty remains.
Sources
- GitHub: Sherlock 2024-08 M-4, storage gap fix. Sherlock 2024-08 M-4: storage gap vulnerability, fixed in PR #64. Retrieved 2026-05-16.
Methodology
Determine whether the OZ upgrades-plugin or manual review flags a storage-layout collision risk between implementation versions.
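
The layout comparison behind this check, as an added example (not Midas's code and not the OpenZeppelin plugin's implementation): it models why a base contract without `__gap` shifts a derived contract's storage when the base gains a variable. `Pausable` is named in the finding; the derived `Vault` and the variables `paused`, `pausedAt` and `totalMinted` are hypothetical, and every variable is assumed to occupy one full slot (no packing).

```python
GAP = "__gap"  # reserved padding array in an upgradeable base contract

def layout(chain):
    """Assign slots in linearized inheritance order (base contract first)."""
    slots, nxt = {}, 0
    for contract, variables in chain:
        for name, size in variables:
            slots[f"{contract}.{name}"] = nxt
            nxt += size
    return slots

def collisions(old_chain, new_chain):
    """List variables whose slot changes between two implementation versions."""
    old, new = layout(old_chain), layout(new_chain)
    findings = []
    for var, slot in old.items():
        if var.endswith("." + GAP):
            continue  # padding is expected to shrink and shift within its contract
        if var not in new:
            findings.append(f"{var}: removed")
        elif new[var] != slot:
            findings.append(f"{var}: slot {slot} -> {new[var]}")
    return findings

def chain(upgraded, with_gap):
    """Constructed sample: Pausable base plus a hypothetical derived Vault."""
    base = [("paused", 1)]
    if upgraded:
        base.append(("pausedAt", 1))          # variable added in the new version
    if with_gap:
        base.append((GAP, 51 - len(base)))    # 50 slots in v1, 49 after the upgrade
    return [("Pausable", base), ("Vault", [("totalMinted", 1)])]

def check(with_gap):
    return collisions(chain(False, with_gap), chain(True, with_gap))

if __name__ == "__main__":
    print("without __gap:", check(False))
    print("with __gap:   ", check(True))
```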