What is Storage Collision?
Storage collision is a critical vulnerability in upgradeable smart contracts where the proxy and implementation contracts attempt to use the same storage slots for different variables. When implementation code writes to a storage slot, it actually writes to the proxy's storage. If both contracts have variables at the same slot with different meanings, data corruption and security breaches result.
How it Works
Ethereum smart contracts store state variables in numbered slots starting from 0. In a proxy architecture using delegatecall, the implementation's code executes against the proxy's storage. Both contracts may independently assign variables to the same slots.
Storage collision occurs when:
- Proxy stores admin address in slot 0
- Implementation expects user balance mapping in slot 0
- Implementation writes to slot 0, overwriting the admin address
- Attacker becomes admin, or other state is corrupted
Modern standards like EIP-1967 solve this by using pseudo-random storage slots for proxy variables, making accidental collisions nearly impossible.
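The slot overlap described above can be checked mechanically before an upgrade ships. The following is an added example, not code from any protocol or tool named on this page: it compares a proxy's storage layout with an implementation's and reports every pair of variables whose bytes overlap, including variables packed into the same slot. The `Var` type, `find_collisions` and the sample layouts are hypothetical and constructed for illustration; the admin slot constant is the one defined by EIP-1967.

```python
from typing import NamedTuple

SLOT_BYTES = 32
# EIP-1967 admin slot: bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1)
EIP1967_ADMIN_SLOT = 0xB53127684A568B3173AE13B9F8A6016E243E63B6E8EE1178D6A717850B5D6103


class Var(NamedTuple):
    """One state variable (hypothetical, simplified layout record)."""
    label: str
    slot: int    # storage slot number
    offset: int  # byte offset inside the slot (small types are packed)
    size: int    # size in bytes; values over 32 span several slots

    def span(self):
        """Absolute byte range [start, end) in the contract's storage."""
        start = self.slot * SLOT_BYTES + self.offset
        return start, start + self.size


def find_collisions(proxy, impl):
    """Return (proxy_label, impl_label, slot) for each overlapping pair."""
    hits = []
    for p in proxy:
        p_start, p_end = p.span()
        for i in impl:
            i_start, i_end = i.span()
            # Two half-open ranges overlap when each starts before the other ends.
            if p_start < i_end and i_start < p_end:
                hits.append((p.label, i.label, p.slot))
    return hits


# Constructed sample layouts (assumptions, not taken from a real contract).
NAIVE_PROXY = [Var("admin", 0, 0, 20)]                     # admin address in slot 0
EIP1967_PROXY = [Var("admin", EIP1967_ADMIN_SLOT, 0, 20)]  # admin moved to the EIP-1967 slot
IMPLEMENTATION = [
    Var("initialized", 0, 0, 1),   # bool packed at the start of slot 0
    Var("owner", 0, 1, 20),        # address packed next to it in slot 0
    Var("totalSupply", 1, 0, 32),  # uint256 filling slot 1
]

if __name__ == "__main__":
    for name, proxy in (("naive", NAIVE_PROXY), ("eip1967", EIP1967_PROXY)):
        print(name, find_collisions(proxy, IMPLEMENTATION))
```

In a real review the `Var` records would be filled from the compiler's storage layout output for each contract rather than typed by hand.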
Practical Example
The Audius protocol suffered a storage collision vulnerability in 2022. Attackers exploited a collision between the proxy's initialization state and the implementation's storage layout to reinitialize the contract with themselves as the admin. They then upgraded the implementation to a malicious contract and drained approximately $6 million in tokens. This exploit highlighted the importance of proper storage slot management in upgradeable contracts.
Why it Matters
Storage collisions can completely compromise protocol security, enabling admin takeovers, balance manipulation, and fund theft. Developers must carefully manage storage layouts across upgrades, using inherited storage patterns or gap variables for future additions. Auditors specifically check for storage collisions in upgrade reviews.
Fensory evaluates protocol upgrade safety and audit coverage, helping users identify protocols with thorough security practices that protect against storage collision vulnerabilities.