Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-06-LUKSO-FINDINGS-ISSUES-40
HistoryJul 10, 2023 - 12:00 a.m.

Function collision between extension functions and account functions

2023-07-1000:00:00
Code4rena
github.com
7
extension functions
account functions
function collision
mitigation steps
lukso tech
JSON

Lines of code

Vulnerability details

Impact

Users or owner can’t use extensions because of collision between extension functions and account functions

Proof of Concept

Whenever someone calls account it will check for functions inside it, if there isn’t function it goes to fallback to check extensions.
As mentioned in docs:
<https://docs.lukso.tech/standards/universal-profile/lsp6-key-manager&gt;
β€œwhen the account is called with a function that does not exist natively in its public interface. The fallback function of the linked ERC725Account will handle the call to the extension set for the function selector being called.”
so if someone wants to use an extension if that extension has collision with existing functions, he cannot use.

Tools Used

manual

Recommended Mitigation Steps

save all function selectors and add check before adding extension, for checking function collision .

Assessed type

Other

The text was updated successfully, but these errors were encountered:

All reactions

JSON