_Follow along with the video lesson:_

---

### Exploit - Storage Collision - PoC

Alright! Let's see what a storage collision proof of code looks like. Honestly, it's not too difficult at all.

Start by importing `ThunderLoanUpgraded.sol` into our `ThunderLoanTest.t.sol`.

```js
import { ThunderLoanUpgraded } from "../../src/upgradedProtocol/ThunderLoanUpgraded.sol";
```

Then we can add our test, right at the bottom. Let's consider what we need to accomplish.

1. Acquire the fee before the upgrade
2. Deploy `ThunderLoanUpgraded.sol`
3. Upgrade to new implementation
4. Acquire the fee after the upgrade
5. Assert

Shouldn't be too difficult!

```js
function testUpgradeBreaksFee() public setAllowedToken hasDeposits {
    // 1. Fee as reported by the current implementation
    uint256 feeBeforeUpgrade = thunderLoan.getFee();

    // 2-3. Deploy the new implementation and upgrade to it as the owner
    vm.startPrank(thunderLoan.owner());
    ThunderLoanUpgraded upgraded = new ThunderLoanUpgraded();
    thunderLoan.upgradeToAndCall(address(upgraded), "");
    // 4. Same getter, same proxy storage, new implementation
    uint256 feeAfterUpgrade = thunderLoan.getFee();
    vm.stopPrank();

    console2.log("Fee before upgrade:", feeBeforeUpgrade);
    console2.log("Fee after upgrade:", feeAfterUpgrade);

    // 5. The upgrade alone changed the fee
    assert(feeBeforeUpgrade != feeAfterUpgrade);
}
```

Now, if we run this test...

```bash
forge test --mt testUpgradeBreaksFee -vvv
```

::image{src='/security-section-6/46-exploit-storage-collision-poc/exploit-storage-collision-poc1.png' style='width: 100%; height: auto;'}

Holy Cow, there it is. Another High severity finding!

Let's walk through doing the last write-up of this security review in the next lesson. We're almost there!

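To see why the same getter returns a different value after an upgrade, the added Foundry test below (not part of the lesson's code) takes the PoC down to slot level and reads raw storage with `vm.load`. `LayoutV1` and `LayoutV2` are constructed stand-ins with a hypothetical layout change, and `vm.etch` stands in for the proxy upgrade by swapping the code at one address while leaving its storage untouched.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { Test } from "forge-std/Test.sol";

// Constructed stand-ins, not the ThunderLoan contracts. V1 keeps two values in
// slots 0 and 1. V2 (hypothetical change) turns the first into a constant,
// which frees its slot and moves `fee` from slot 1 to slot 0.
contract LayoutV1 {
    uint256 internal precision = 1e18; // slot 0
    uint256 internal fee = 3e15;       // slot 1

    function getFee() external view returns (uint256) { return fee; }
}

contract LayoutV2 {
    uint256 internal fee;                       // slot 0 (was slot 1 in V1)
    uint256 internal constant PRECISION = 1e18; // constants occupy no slot

    function getFee() external view returns (uint256) { return fee; }
}

contract StorageCollisionSlotTest is Test {
    function testGetterReadsWrongSlotAfterLayoutChange() public {
        LayoutV1 v1 = new LayoutV1();
        uint256 feeBefore = v1.getFee();

        // Simulated upgrade: replace the runtime code, keep the storage.
        vm.etch(address(v1), address(new LayoutV2()).code);
        uint256 feeAfter = LayoutV2(address(v1)).getFee();

        // The slot contents never changed ...
        assertEq(uint256(vm.load(address(v1), bytes32(uint256(0)))), 1e18);
        assertEq(uint256(vm.load(address(v1), bytes32(uint256(1)))), feeBefore);
        // ... but V2's `fee` now resolves to slot 0, the old `precision` value.
        assertEq(feeAfter, 1e18);
        assertTrue(feeAfter != feeBefore);
    }
}
```

Running `forge inspect <Contract> storage-layout` on the old and new implementations and diffing the output catches this kind of shift before an upgrade is deployed.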
Patrick walks through the proof of code for our discovered storage collision vulnerability.