defirisk.co
rubric v1.7.0

Storage-layout collision risk across upgrades

A post-deploy hygiene & change mgmt factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor identifies whether a manual code review or the OpenZeppelin Upgrades Plugin storage-layout check has flagged any storage-layout collision risk between different implementation versions of an upgradeable proxy. A storage collision occurs when an upgrade adds, removes, or reorders storage variables in a way that causes previously-set variables to be misread or overwritten by the new implementation.

**Why it matters** Storage layout collisions in upgradeable contracts are a silent corruption vulnerability: the deployed proxy continues to function normally in most code paths, but specific edge-case executions that access reordered storage slots produce unexpected results. The Raft protocol's 2023 loss ($3.3M) demonstrated a related delegatecall storage pattern where an uninitialized slot caused an unexpected fund routing outcome — even with four audits including Trail of Bits, the interaction between proxy patterns and storage state was not caught. The OpenZeppelin Upgrades Plugin automates detection of the most common collision patterns, but manual review is required for complex inheritance hierarchies and custom proxy patterns.

**Green / Yellow / Red** Green is assigned when the OZ Upgrades Plugin or equivalent has been run against the current implementation and the prior implementation, returning no collision warnings, and this check is part of the protocol's upgrade process. Yellow covers cases where the check has been run but with manual overrides accepted, or where the check was performed on an earlier version pair and the current upgrade was not re-verified. Red is assigned when no storage layout check has been performed on the current upgrade pair, or when a known collision warning has been dismissed without a documented resolution.

**Common gray cases** This factor is grayed when the protocol uses immutable contracts (no upgrade path means no collision risk), or when the proxy pattern is non-standard and incompatible with available automated tools.

**Notable historical examples** No incidents from the linked hack database are currently attached to this factor.

Measurement: what to look for

Determine whether the OZ upgrades-plugin or manual review flags a storage-layout collision risk between implementation versions.

Data & output

**Data source** OpenZeppelin upgrades plugin (`hardhat-upgrades` or `foundry-upgrades`) storage layout check + curator inspection of implementation diffs

**Output format** Green / Yellow / Red

**Evidence artifact** OZ upgrades plugin output + storage layout diff + collision flag

**Confidence signal** green = storage layout checks pass with no collision; yellow = minor layout additions in safe append positions; red = storage layout collision flagged; gray = protocol has no upgradeable proxies
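As an added example (not defirisk.co's tooling and not the OpenZeppelin plugin's own code), here is a minimal storage-layout diff of the kind the methodology and confidence signal above rely on, run over a constructed v1/v2 pair: the entries mirror the `storage` array of solc's `--storage-layout` output, with each variable's byte size folded in from the `types` table as a simplifying assumption, and the findings are mapped onto the green / yellow / red signal.

```python
# Added example, not defirisk.co's tooling or the OpenZeppelin plugin's own code.
# Entries mirror solc --storage-layout "storage" items; "bytes" is folded in from
# the "types" table as a simplifying assumption. Sample layouts are constructed.
OLD = [  # constructed v1 implementation layout
    {"label": "owner",    "slot": 0, "offset": 0,  "type": "t_address", "bytes": 20},
    {"label": "paused",   "slot": 0, "offset": 20, "type": "t_bool",    "bytes": 1},
    {"label": "balances", "slot": 1, "offset": 0,  "type": "t_mapping(t_address,t_uint256)", "bytes": 32},
]
NEW_SAFE = OLD + [  # v2 appends after the last occupied slot: safe
    {"label": "feeBps", "slot": 2, "offset": 0, "type": "t_uint16", "bytes": 2},
]
NEW_BAD = OLD[:2] + [  # v2 inserts before `balances`, shifting it to slot 2: collision
    {"label": "feeBps",   "slot": 1, "offset": 0, "type": "t_uint16", "bytes": 2},
    {"label": "balances", "slot": 2, "offset": 0, "type": "t_mapping(t_address,t_uint256)", "bytes": 32},
]

def _end(var):
    """First (slot, offset) position after `var`; a full slot rolls over to the next slot."""
    end = var["offset"] + var["bytes"]
    return (var["slot"] + 1, 0) if end >= 32 else (var["slot"], end)

def diff_layouts(old, new):
    """Return (kind, label) findings comparing the old layout against the new one."""
    findings = []
    new_by_label = {v["label"]: v for v in new}
    old_labels = {v["label"] for v in old}
    for o in old:
        n = new_by_label.get(o["label"])
        if n is None:
            findings.append(("removed", o["label"]))    # slot abandoned or silently reused
        elif (n["slot"], n["offset"]) != (o["slot"], o["offset"]):
            findings.append(("moved", o["label"]))      # new code reads another variable's bytes
        elif n["type"] != o["type"]:
            findings.append(("retyped", o["label"]))    # same bytes decoded differently
    tail = max((_end(v) for v in old), default=(0, 0))  # end of the region v1 already uses
    for n in new:
        if n["label"] not in old_labels:
            kind = "appended" if (n["slot"], n["offset"]) >= tail else "inserted"
            findings.append((kind, n["label"]))
    return findings

RED_KINDS = {"removed", "moved", "retyped", "inserted"}

def score(old, new):
    """Map findings onto the rubric's signal: red = collision, yellow = safe append, green = unchanged."""
    kinds = {kind for kind, _ in diff_layouts(old, new)}
    if kinds & RED_KINDS:
        return "red"
    return "yellow" if "appended" in kinds else "green"
```

A real check must also walk inherited contracts and any custom proxy's reserved slots, which is the manual-review gap the methodology notes.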

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-142 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | not_assessed |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | yellow |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | not_applicable |
| Circle USYC | binance | yellow |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | not_applicable |
| crvUSD (Curve Stablecoin) | ethereum | not_applicable |
| Curve Finance | ethereum | green |
| deBridge | ethereum | gray |
| Dolomite | ethereum | yellow |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | yellow |
| Ethena | ethereum | not_applicable |
| ether.fi | ethereum | gray |
| Euler V2 | ethereum | yellow |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | gray |
| Frax Finance | ethereum | yellow |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | yellow |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | not_applicable |
| Kinetiq | hyperliquid | gray |
| Lido | ethereum | yellow |
| Liquid Collective (LsETH) | ethereum | green |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | yellow |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | green |
| Meteora | solana | yellow |
| mETH Protocol | ethereum | yellow |
| Midas | ethereum | yellow |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | green |
| Ondo Finance | ethereum | gray |
| OpenEden | ethereum | yellow |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | not_applicable |
| Pendle Finance | ethereum | yellow |
| Polymarket | polygon | green |
| QuickSwap | polygon | not_applicable |
| Raydium | solana | not_applicable |
| Rocket Pool | ethereum | gray |
| Sanctum | solana | yellow |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | yellow |
| Spiko | stellar | yellow |
| Stake DAO | ethereum | gray |
| StakeWise v3 | ethereum | gray |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | yellow |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | yellow |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | not_applicable |
| Symbiotic | ethereum | green |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | gray |
| Veda (BoringVault) | ethereum | not_applicable |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0; factor: RD-F-142; category: 9; carried: 80; critical: no