Lines of code
<https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L21>
<https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L40-L49>
<https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L59-L64>
AddressRegistry might has non-actual record, which leads to inconsistent AddressRegistry state, and might affect possible consumers.
To register favorite NFT user calls register function from AddressRegistry.
Then he sold this NFT to another user, and now he isnβt owner of this NFT.
From this time AddressRegistry has incorrect state and will have this state till previous owner will not delete this entry by itself.
But if AddressRegistry integrated with some services which produces goods, users may donβt delete this record and take all the benefits from another contract.
Manual audit
Add function to force reset record for user, which is not owner of current NFT item.
something like this:
function reset(address addr) external {
uint256 nftId = cidNFTs(addr);
if (nftId == 0) {
return;
}
if (ERC721(cidNFT).ownerOf(nftId) != addr) {
delete cidNFTs[nftId];
}
}
The text was updated successfully, but these errors were encountered:
All reactions