Storage Layout Risk

Why This Matters

Transparent-proxy upgrades preserve proxy storage. New implementations must remain storage-compatible with old layouts.

Risks

  • slot collisions
  • changed struct ordering
  • accidental overwrite of authorization state
  • breakage of initializer version semantics

Required Controls

  • layout diff tooling before proposal
  • explicit migration/reinitializer plan when needed
  • post-upgrade sanity reads on critical slots (owner, role maps, policy hashes)

High-Risk Contracts

  • DepositContractCTN
  • CenturionEconomicController
  • CenturionVaultFactory
  • CenturionClaimGatekeeper

These hold dense, stateful mappings and policy values where corruption can produce silent safety regressions.

Abort Conditions

Abort an upgrade if a field is reordered, deleted, type-changed, inserted before existing storage, or if a new external function collides with proxy reserved accessors such as proxyAdmin, proxyImplementation, or proxyInitializedVersion.
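The abort conditions above expressed as a layout diff, as an added example that is not the project's own tooling. It assumes each entry carries the label, slot, offset and type fields of the `storage` array in solc's storageLayout output; the variable names and layouts are constructed, and the accessor check compares function names only, not selectors.

```python
# Added example, not project code. Entries mirror the `storage` array of
# solc's storageLayout output (label, slot, offset, type); values are constructed.
RESERVED_ACCESSORS = {"proxyAdmin", "proxyImplementation", "proxyInitializedVersion"}

def position(entry):
    return (int(entry["slot"]), int(entry["offset"]))

def diff_layout(old, new, new_external_functions=()):
    """Return abort reasons; an empty list means the layouts are compatible."""
    findings = []
    new_by_pos = {position(e): e for e in new}
    new_by_label = {e["label"]: e for e in new}
    old_labels = {e["label"] for e in old}
    for o in old:
        pos, n = position(o), new_by_pos.get(position(o))
        if n and n["label"] == o["label"]:
            if n["type"] != o["type"]:
                findings.append(f"type-changed: {o['label']} {o['type']} -> {n['type']}")
        elif o["label"] in new_by_label:
            moved_to = position(new_by_label[o["label"]])
            findings.append(f"reordered: {o['label']} {pos} -> {moved_to}")
        else:
            findings.append(f"deleted: {o['label']} at {pos}")
    last_old = max((position(e) for e in old), default=(-1, 0))
    for n in new:
        # A new label at or before the last old position displaces existing state.
        if n["label"] not in old_labels and position(n) <= last_old:
            findings.append(f"inserted-before-existing: {n['label']} at {position(n)}")
    for name in new_external_functions:
        if name in RESERVED_ACCESSORS:  # name-level check only, not selector-level
            findings.append(f"reserved-accessor-collision: {name}")
    return findings

def var(label, slot, offset, type_):
    return {"label": label, "slot": str(slot), "offset": offset, "type": type_}

# Constructed layouts: V1 stands in for the deployed implementation.
V1 = [var("owner", 0, 0, "t_address"), var("paused", 0, 20, "t_bool"),
      var("roles", 1, 0, "t_mapping(t_address,t_bytes32)"),
      var("policyHash", 2, 0, "t_bytes32")]
V2_OK = V1 + [var("feeBps", 3, 0, "t_uint16")]  # append-only: compatible
# A field inserted at slot 1 pushes roles and policyHash down one slot.
V2_BAD = [V1[0], V1[1], var("guardian", 1, 0, "t_address"),
          var("roles", 2, 0, "t_mapping(t_address,t_bytes32)"),
          var("policyHash", 3, 0, "t_bytes32")]

if __name__ == "__main__":
    for reason in diff_layout(V1, V2_BAD, ["proxyAdmin"]):
        print("ABORT:", reason)
```

Type identifiers are compared verbatim, so member reordering inside a struct needs a further walk of the compiler's `types` map.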

Evidence To Archive

Storage layout diff, reviewer signoff, expected initialized version, reinitializer calldata, and post-upgrade state readback for critical ownership, role, policy, and accounting slots.