# eip-1967 reserved storage slots prevent proxy implementation address collisions

EIP-1967 standardizes storage slot positions for proxy metadata (implementation, admin, beacon addresses). Each slot is derived by hashing a label and subtracting one, for example `keccak256("eip1967.proxy.implementation") - 1` for the implementation address, so it lands at a pseudo-random position that is astronomically unlikely to collide with sequential variable layout. This prevents implementation state variables from overlapping with proxy bookkeeping.

Since [[storage layout must remain consistent across proxy implementation versions]], standardized non-colliding slots are foundational. [[eip-7201 namespaced storage provides structured collision avoidance for upgradeable contracts|EIP-7201]] extends this to arbitrary namespaces. Because [[delegatecall executes code from another contract using the callers storage context|delegatecall maps all writes to the proxy]], collisions corrupt the upgrade mechanism itself.

The standardization creates a security responsibility: monitoring tools checking older pre-standardization slots for backward compatibility can be deceived. Since [[CPIMP defeats detection by layering fake ERC1967 Upgraded events with legacy storage slot misdirection so each standard monitoring method sees the legitimate implementation]], CPIMP exploits this by showing the legitimate address in the legacy slot while the actual EIP-1967 slot holds the malicious implementation. Since [[post-deployment verification by directly reading ERC1967 implementation storage slots detects proxy hijacking that block explorer displays and emitted events conceal]], reading the canonical slot via `eth_getStorageAt` is the only authoritative verification.
---

Relevant Notes:
- [[storage layout must remain consistent across proxy implementation versions]]: the problem this partially solves
- [[eip-7201 namespaced storage provides structured collision avoidance for upgradeable contracts]]: the extension to arbitrary namespaces
- [[delegatecall executes code from another contract using the callers storage context]]: the mechanism that makes slot collision dangerous
- [[CPIMP defeats detection by layering fake ERC1967 Upgraded events with legacy storage slot misdirection so each standard monitoring method sees the legitimate implementation]]: exploits backward compatibility between pre-standardization and EIP-1967 slot positions to deceive monitoring tools
- [[post-deployment verification by directly reading ERC1967 implementation storage slots detects proxy hijacking that block explorer displays and emitted events conceal]]: extends: direct canonical slot reads are the authoritative verification approach that misdirection-based attacks cannot defeat

Topics:
- [[security-patterns]]