Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-01-CANTO-IDENTITY-FINDINGS-ISSUES-110
HistoryFeb 03, 2023 - 12:00 a.m.

AddressRegistry might have non-actual record

2023-02-0300:00:00
Code4rena
github.com
6
addressregistry
non-actual record
inconsistent state
consumers
mitigation
force reset
non-owner
potential impact
JSON

Lines of code
<https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L21&gt;
<https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L40-L49&gt;
<https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L59-L64&gt;

Vulnerability details

Impact

AddressRegistry might has non-actual record, which leads to inconsistent AddressRegistry state, and might affect possible consumers.

Proof of Concept

To register favorite NFT user calls register function from AddressRegistry.
Then he sold this NFT to another user, and now he isn’t owner of this NFT.
From this time AddressRegistry has incorrect state and will have this state till previous owner will not delete this entry by itself.

But if AddressRegistry integrated with some services which produces goods, users may don’t delete this record and take all the benefits from another contract.

Tools Used

Manual audit

Recommended Mitigation Steps

Add function to force reset record for user, which is not owner of current NFT item.
something like this:

function reset(address addr) external {
    uint256 nftId =  cidNFTs(addr);
    if (nftId == 0) {
        return;
    }
    if (ERC721(cidNFT).ownerOf(nftId) != addr) {
        delete cidNFTs[nftId];
    }
}

The text was updated successfully, but these errors were encountered:

All reactions

JSON