Hi, we are a research group on programming languages and software engineering. We recently conducted a systematic study on the causes, effects, and fixes of the inconsistent state update vulnerability in Solidity. We are attempting to build a tool to detect bugs about state updates based on our findings. We have tried our prototype tool on some popular GitHub Solidity repositories, and for your repository, we found that there are status updates that may have been missed.
When we declare a state variable in a contract, if the variable is not reassigned throughout the project, then it may be a missing status update, including the balance, order number, counter, contract status flag, and so on.
For your repository, we found the following state variables that may need attention:
CarbonOffsetBatchesStorage.sol
State variable: DEPRECATED_URIs, DEPRECATED_VERIFIERS
PoolStorage.sol
State variable: DEPRECATED_regions, DEPRECATED_standards, DEPRECATED_methodologies
Do you find our results useful? Your reply and invaluable suggestions would be greatly appreciated, and are vital for improving our tool. Thanks a lot for your time!
Hey @mingbaile, interesting work on this tool. As you can see from the findings here, all of the unused variables are deprecated, so this is something we were already aware of. The variables cannot be removed because we have to preserve storage layout during upgrades for backwards compatibility. So I think your tool should incorporate a mechanism for taking this type of scenario into account, in order to avoid these false positives.
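The storage-layout constraint mentioned in the maintainer's reply, as an added example that is not part of the thread, the repository, or the research tool: a simplified Python model of Solidity slot assignment that reports which remaining variables would change position if never-written variables were deleted. The `DEPRECATED_*` names come from the issue; their types, the three live variables and the helper names are assumptions made for this example.

```python
# Added illustration, not code from the repository or the research tool.
# Simplified model of Solidity storage layout: variables get slots in declaration
# order, small value types pack into one 32-byte slot, and mappings / dynamic
# arrays always take a full slot of their own.
SIZES = {"bool": 1, "uint8": 1, "uint64": 8, "address": 20, "uint256": 32}  # bytes

def layout(variables):
    """Return {name: (slot, byte_offset)} for a list of (name, type) pairs."""
    slot, offset, out = 0, 0, {}
    for name, typ in variables:
        full_slot = typ.startswith("mapping") or typ.endswith("[]")
        size = 32 if full_slot else SIZES[typ]
        if offset and (full_slot or offset + size > 32):
            slot, offset = slot + 1, 0          # does not fit: start a new slot
        out[name] = (slot, offset)
        offset += size
        if full_slot or offset == 32:
            slot, offset = slot + 1, 0          # slot is used up
    return out

def moved_by_removal(variables, removed):
    """Remaining variables whose position changes if `removed` names are deleted."""
    before = layout(variables)
    after = layout([v for v in variables if v[0] not in removed])
    return {n: (before[n], after[n]) for n in after if before[n] != after[n]}

# Constructed sample: the DEPRECATED_* names are from the issue; their types and
# the three live variables after them are assumptions made for this example.
POOL_V1 = [
    ("DEPRECATED_regions", "mapping(string => bool)"),
    ("DEPRECATED_standards", "mapping(string => bool)"),
    ("DEPRECATED_methodologies", "mapping(string => bool)"),
    ("supplyCap", "uint256"),
    ("feeRecipient", "address"),
    ("paused", "bool"),
]
DEPRECATED = {n for n, _ in POOL_V1 if n.startswith("DEPRECATED_")}

if __name__ == "__main__":
    for name, (old, new) in moved_by_removal(POOL_V1, DEPRECATED).items():
        print(f"{name}: (slot, offset) {old} -> {new}")
```

A non-empty result means an upgraded implementation would read the proxy's existing storage through shifted slots, which is why such placeholders stay declared even though nothing writes to them.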