Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts
Nicola Ruaro
Network and Distributed System Security (NDSS) Symposium 2024 · Day 2 · Blockchain & Smart Contracts
In the rapidly evolving landscape of decentralized finance (DeFi) and Ethereum smart contracts, the flexibility offered by features like contract upgradability comes with inherent security complexities. This talk, "Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts," presented by Nicola Ruaro, addresses a critical and often overlooked class of vulnerabilities: **storage collisions**. These issues arise when two smart contracts, particularly in the context of the widely used **proxy pattern**, share the same underlying storage but interpret the data within specific storage slots differently, either due to type mismatches or semantic misunderstandings. Such discrepancies can lead to severe consequences, including denial of service, privilege escalation, and direct theft of digital assets, as tragically exemplified by the $6 million AUDIUS platform attack in July 2022.
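The proxy-pattern collision described above can be made concrete with a small layout checker: given the storage layout of a proxy and of its implementation (in the simplified form that `solc --storage-layout` reports), it flags every byte range both contracts use and distinguishes the two cases the talk names, a type mismatch and a same-type semantic clash. This is an added example, not the talk's tool or code; the two layouts are constructed, while the EIP-1967 slot constants are the standard ones.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Var:
    """One state variable as reported by `solc --storage-layout` (simplified)."""
    name: str
    type: str
    slot: int
    offset: int = 0   # byte offset inside the 32-byte slot (solc packs small types)
    size: int = 32    # bytes occupied: address=20, bool=1, uint96=12, uint256=32

def _overlaps(a: Var, b: Var) -> bool:
    # Same slot and intersecting byte ranges. Mappings/dynamic arrays only reserve
    # their base slot here; their keccak-derived element slots are not modelled.
    return a.slot == b.slot and a.offset < b.offset + b.size and b.offset < a.offset + a.size

def collisions(proxy: list[Var], impl: list[Var]) -> list[tuple[int, str, str, str]]:
    """Return (slot, proxy_var, impl_var, kind) for every byte range both contracts use.

    kind is "type mismatch" when the two sides decode the bytes as different types,
    or "same type, different meaning" when only the semantics differ (e.g. the
    proxy's implementation pointer vs the implementation's owner address).
    """
    found = []
    for p in proxy:
        for v in impl:
            if _overlaps(p, v):
                kind = "type mismatch" if p.type != v.type else "same type, different meaning"
                found.append((p.slot, p.name, v.name, kind))
    return found

# Constructed layouts (assumed for this example, not taken from the talk).
# A naive proxy keeps its pointer and a flag in slot 0, exactly where the
# implementation's own first variables land.
NAIVE_PROXY = [Var("implementation", "address", 0, 0, 20), Var("paused", "bool", 0, 20, 1)]
IMPLEMENTATION = [Var("owner", "address", 0, 0, 20), Var("fee", "uint96", 0, 20, 12),
                  Var("totalSupply", "uint256", 1)]

# EIP-1967 unstructured slots: keccak256("eip1967.proxy.implementation") - 1 and
# keccak256("eip1967.proxy.admin") - 1, far from solc's sequential slot numbering.
EIP1967_IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
EIP1967_ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
SAFE_PROXY = [Var("implementation", "address", EIP1967_IMPL_SLOT, 0, 20),
              Var("admin", "address", EIP1967_ADMIN_SLOT, 0, 20)]

if __name__ == "__main__":
    for c in collisions(NAIVE_PROXY, IMPLEMENTATION):
        print("slot %d: proxy.%s vs impl.%s (%s)" % c)
    print("safe proxy collisions:", collisions(SAFE_PROXY, IMPLEMENTATION))
```

The naive layout yields two findings (the pointer/owner clash with identical types, and the bool/uint96 type mismatch in the packed bytes), while moving the proxy's own variables to the EIP-1967 slots leaves the implementation's sequential slots untouched.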