solidstate-solidity
solidstate-solidity copied to clipboard
Use EIP-7201 to define storage slots
This EIP uses keccak256
to generate storage slots, and subtracts 1 from the result to avoid preimage attacks. This works for the EIP because it uses only single-slot storage values, but not for SolidState because many of the storage layout structs are multi-slot.
Should try to address this? It's not entirely clear what such a preimage attack would look like. If such an attack can be demonstrated, I would suggest using bitwise-not rather than subtraction of 1 to obscure the SolidState storage slots.
As discussed on Discord (https://discord.com/channels/969993840318611476/1040352410087985182/1042896740975652945), I found a theoretical attack vector, but it would rely on the inclusion of ASCII control codes in a storage layout string. This seems unlikely to cause any issues.
Proof of concept of the attack vector is here: https://github.com/solidstate-network/diamond-storage-preimage-attack/
Implementing EIP-7201 would solve this.