Adding extension use 4 bytes function selector to add new extension, and if user with ADDEXTENSIONS permission
also has CHANGEEXTENSIONS permission and wants to add new extension and there is an extension with that function selector, extension will be removed unintentional.
user with ADDEXTENSIONS permission and CHANGEEXTENSIONS permission wants to add new extension(not changing it) and LSP6SetDataModule.sol checks that user has both permissions or not, so it will pass, and extension will be removed.
// LSP17Extension:<bytes4>
} else if (bytes12(inputDataKey) == _LSP17_EXTENSION_PREFIX) {
// same as above. If controller has both permissions, do not read the target storage
// to save gas by avoiding an extra external view call.
if (
controllerPermissions.hasPermission(
_PERMISSION_ADDEXTENSIONS | _PERMISSION_CHANGEEXTENSIONS
)
) {
return bytes32(0);
}
return
_getPermissionToSetLSP17Extension(
controlledContract,
inputDataKey
);
manual
Donβt pass if the user has both permission, and check that is there any extension with those function selector or not
Other
The text was updated successfully, but these errors were encountered:
All reactions