Storage Slot Explained in Detail
EVM storage is organized into 32-byte slots. Solidity assigns state variables to slots using storage-layout rules, packs smaller values when possible, and derives mapping or dynamic-array locations with hashes.
A variable does not always consume exactly one slot. Several small values can share a slot, while structs, arrays, mappings, and proxy metadata such as EIP-1967 implementation, admin, and beacon slots require more careful layout analysis.
Smart contract example
These two variables can pack into one slot:
uint128 public a;
uint128 public b;
uint256 public c;
Changing the order later can change packing and break an upgradeable proxy that expects the old layout.
Storage Slot in Auditing
Storage slots are where persistent authority, balances, debt, flags, and proxy pointers live. Incorrect slot assumptions can corrupt state or produce a storage collision.
Auditors review slot use in upgrades, assembly code, libraries, custom storage namespaces, and delegatecall systems where one contract's code writes into another contract's storage.
Red flags in code
-
Manual
sstoreorsloadwith hardcoded slot constants. -
Storage variables reordered, removed, or changed between implementations.
-
Mapping or array slot calculations implemented manually.
-
Proxy implementation, admin, beacon, or namespace slots are not isolated with known constants.
-
Small packed variables updated without considering adjacent values in the same slot.
How to test or review it
-
Generate compiler storage layout output for each implementation version.
-
Compare slot, offset, and type for every existing variable after an upgrade.
-
Review custom slot constants against EIP-1967, EIP-7201-style namespaces, or the project's documented namespace convention.
-
Test storage writes before and after upgrades with real state seeded in the proxy.
-
Inspect assembly paths that read or write storage outside ordinary Solidity variables.