Storage Layout Collision Prevention: Manual & Automated Monitoring #450
Description
Summary
This proposal introduces proactive storage layout monitoring to prevent issues like those identified in the SlashingRegistryCoordinator from the eigenlayer-middleware v1.4.0-testnet-holesky release. The root cause was a change in contract inheritance order that led to storage collisions, impacting the upgradeability of dependent contracts.
I previously shared the security review with the team, and the issue was addressed in PR #446, which corrected the inheritance order to ensure upgrade compatibility and safety.
Background: Inheritance Change Details
Commit: 25d3a9428db1a7de4af10842530b1f9d1c76f233
Date: Thu Feb 20 15:45:44 2025 -0500
contract SlashingRegistryCoordinator is
EIP712,
Initializable,
Pausable,
OwnableUpgradeable,
SlashingRegistryCoordinatorStorage,
ISignatureUtilsCommit: 4d63f27247587607beb67f96fdabec4b2c1321ef (eigenlayer-middleware v1.4.0-testnet-holesky release)
Date: Tue Mar 18 15:46:28 2025 -0400
contract SlashingRegistryCoordinator is
SlashingRegistryCoordinatorStorage,
Initializable,
SemVerMixin,
Pausable,
OwnableUpgradeable,
EIP712Upgradeable,
ISignatureUtilsMixinThe change in inheritance order introduced storage layout collisions, breaking upgrade safety for contracts inheriting from this base.
Proposed Changes
To prevent similar issues in the future, I recommend a two-phase approach to monitor storage layout changes:
Short-Term: Manual Snapshot Checks
- Manually run storage-report.sh before major releases or structural contract changes.
- Developers review layout reports to detect any unintended changes or misalignments before deployment.
Long-Term: CI Integration
- Set up alerts within the CI pipeline to notify developers of any unexpected storage layout changes.
Both measures aim to ensure early detection and resolution of storage layout issues, enhancing the stability and reliability of our smart contracts over time.