Solidity's storage is a key/value store with 256-bit keys (slots). Slot 0 holds the first state variable, slot 1 the next, and so on. Get the layout wrong (in proxies, in libraries, in struct padding) and you have storage collisions: one variable's writes silently corrupting another's reads. Real CVEs: dYdX v3, multiple proxy upgrades, Audius governance.
EIP-1967 mandates specific slots (e.g. keccak256('eip1967.proxy.implementation') - 1) for proxy state so it can't collide with the implementation's storage. Custom proxies that don't follow this convention have been exploited repeatedly.
proxy-storage-collision exercise on Ethernaut). Trigger the collision.
forge inspect <Contract> storageLayout check to CI. Diff against last known-good. Alert on changes.
Use these three in order. Each builds on the one before.
In one paragraph, explain Solidity storage layout.
Walk me through a proxy storage-collision attack.
Design a CI gate that detects storage layout drift across upgrades.
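A sketch of the storage-layout CI check from the try-it list, added here as an example and not taken from the lesson or from Foundry. It assumes the baseline and candidate layouts were saved as JSON in the shape solc emits for storageLayout; the function names and sample contracts are hypothetical, and only top-level variables are compared (struct members are not expanded).

```python
import json
import sys

# Constructed sample layouts in the shape solc emits for storageLayout
# (assumption: `forge inspect <Contract> storageLayout` was saved as JSON).
BASELINE = {"storage": [
    {"label": "owner", "slot": "0", "offset": 0, "type": "t_address"},
    {"label": "paused", "slot": "0", "offset": 20, "type": "t_bool"},
    {"label": "total", "slot": "1", "offset": 0, "type": "t_uint256"}]}
# Upgrade that inserts `admin` first, shifting every existing variable.
CANDIDATE = {"storage": [
    {"label": "admin", "slot": "0", "offset": 0, "type": "t_address"},
    {"label": "owner", "slot": "1", "offset": 0, "type": "t_address"},
    {"label": "paused", "slot": "1", "offset": 20, "type": "t_bool"},
    {"label": "total", "slot": "2", "offset": 0, "type": "t_uint256"}]}
# Upgrade that only appends a variable after the existing ones.
APPENDED = {"storage": BASELINE["storage"] + [
    {"label": "fee", "slot": "2", "offset": 0, "type": "t_uint256"}]}

def positions(layout):
    """Map (slot, byte offset) -> (variable name, type) for top-level variables."""
    types = layout.get("types") or {}
    return {(int(e["slot"]), int(e["offset"])):
            (e["label"], types.get(e["type"], {}).get("label", e["type"]))
            for e in layout["storage"]}

def layout_drift(old, new):
    """List changes to already-deployed positions; appended variables pass."""
    old_pos, new_pos = positions(old), positions(new)
    findings = []
    for (slot, off), (name, typ) in sorted(old_pos.items()):
        where = f"slot {slot} offset {off}"
        if (slot, off) not in new_pos:
            findings.append(f"{where}: {name} ({typ}) no longer stored here")
        elif new_pos[(slot, off)] != (name, typ):
            n_name, n_typ = new_pos[(slot, off)]
            findings.append(f"{where}: {name} ({typ}) replaced by {n_name} ({n_typ})")
    return findings

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py baseline.json candidate.json
        old, new = (json.load(open(p)) for p in sys.argv[1:3])
    else:  # no files given: run on the constructed samples
        old, new = BASELINE, CANDIDATE
    problems = layout_drift(old, new)
    print("\n".join(problems) or "storage layout compatible")
    sys.exit(1 if problems and len(sys.argv) == 3 else 0)
```

A pure rename at an unchanged slot and type is also reported; that is deliberately conservative, since a rename in a diff often hides a reordering.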