# eip-1967 reserved storage slots prevent proxy implementation address collisions

EIP-1967 standardizes specific storage slot positions for proxy metadata: the implementation address, admin address, and beacon address. Each slot is derived by hashing a label and subtracting one, for example `keccak256("eip1967.proxy.implementation") - 1` for the implementation slot, so the slots land at pseudo-random positions that are astronomically unlikely to collide with sequential variable layout. This prevents the implementation's state variables from accidentally overlapping with the proxy's internal bookkeeping.

Since [[storage layout must remain consistent across proxy implementation versions]], having standardized non-colliding slots for proxy metadata is a foundational safety mechanism. [[eip-7201 namespaced storage provides structured collision avoidance for upgradeable contracts|EIP-7201]] extends this approach to arbitrary storage namespaces. Because [[delegatecall executes code from another contract using the callers storage context|delegatecall maps all storage writes to the proxy]], any collision between implementation variables and proxy metadata corrupts the upgrade mechanism itself.

The standardization also creates a security responsibility: EIP-1967 slot positions are the authoritative source of proxy state, but monitoring tools that check older pre-standardization proxy slots for backward compatibility can be deceived. Since [[CPIMP storage slot misdirection stores the shadow implementation in legacy proxy slots that Etherscan reads while keeping the legitimate address in the standard EIP-1967 slot visible to block explorers]], CPIMP exploits block explorer backward compatibility to show the legitimate address in the legacy slot while the actual EIP-1967 slot holds the malicious implementation.
Since [[post-deployment verification by directly reading ERC1967 implementation storage slots detects proxy hijacking that block explorer displays and emitted events conceal]], reading the canonical EIP-1967 slot directly via `eth_getStorageAt` is the only authoritative verification approach.

---

Relevant Notes:
- [[storage layout must remain consistent across proxy implementation versions]] — the problem this partially solves
- [[eip-7201 namespaced storage provides structured collision avoidance for upgradeable contracts]] — the extension to arbitrary namespaces
- [[delegatecall executes code from another contract using the callers storage context]] — the mechanism that makes slot collision dangerous
- [[CPIMP storage slot misdirection stores the shadow implementation in legacy proxy slots that Etherscan reads while keeping the legitimate address in the standard EIP-1967 slot visible to block explorers]] — exploits backward compatibility between pre-standardization and EIP-1967 slot positions to deceive monitoring tools
- [[post-deployment verification by directly reading ERC1967 implementation storage slots detects proxy hijacking that block explorer displays and emitted events conceal]] — extends: direct canonical slot reads are the authoritative verification approach that misdirection-based attacks cannot defeat

Topics:
- [[security-patterns]]