defirisk.co
rubric v1.7.0

Storage-layout collision risk across upgrades

Wormhole's assessment for RD-F-142 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Storage-layout collision risk across upgrades | Core Bridge has only had 3 implementation versions since 2021 (Aug 2021, Jul 2022, Sept 2022). Wormhole uses a custom Setup pattern rather than OZ Initializable v5, which has a distinct storage model. Trail of Bits 2022 audit covered storage layout. No public OZ Upgrades plugin output available. Risk exists but no evidence of a known collision. | Etherscan Upgraded events; Immunefi bugfix review (storage discussion); Profile §8 | gray

Sources #

  • Curator note
    Extracted from 02-governance-admin.md — RD-F-142; no URL citedretrieved 2026-04-28

Methodology #

Determine whether the OZ upgrades-plugin or manual review flags a storage-layout collision risk between implementation versions.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-142 score gray collected_at 2026-04-28 01:38:43