Instance variables in Rack middleware are bad. They are not thread safe and are insidious to track down issues relating to it.

Ref:

1. puma/puma#2001
2. https://bernardoamc.com/rails-middleware-leak/
3. https://crypt.codemancers.com/posts/2018-06-07-frozen-middleware-with-rack-freeze/

Since this is such a gotcha, I (via my company) would gladly sponsor development of such a cop to walk the middleware hierarchy and catch offenders which could occur at app level or third party.