Code4rena | CODE423N4:2023-06-LUKSO-FINDINGS-ISSUES-86
Jul 14, 2023 - 12:00 a.m.

User with ADDEXTENSIONS and CHANGEEXTENSIONS will remove an extension unintentionally

Code4rena
github.com

Lines of code

Vulnerability details

Summary

Adding an extension uses the 4-byte function selector to register the new extension. If a user with the ADDEXTENSIONS permission also has the CHANGEEXTENSIONS permission and wants to add a new extension, and an extension already exists for that function selector, the existing extension will be removed unintentionally.

Impact

  • The extension will be removed unintentionally.

Proof of Concept

A user with both the ADDEXTENSIONS and CHANGEEXTENSIONS permissions wants to add a new extension (not change an existing one). LSP6SetDataModule.sol only checks whether the user has both permissions, so the check passes and the existing extension is removed.

            // LSP17Extension:<bytes4>
        } else if (bytes12(inputDataKey) == _LSP17_EXTENSION_PREFIX) {
            // same as above. If controller has both permissions, do not read the target storage
            // to save gas by avoiding an extra external view call.
            if (
                controllerPermissions.hasPermission(
                    _PERMISSION_ADDEXTENSIONS | _PERMISSION_CHANGEEXTENSIONS
                )
            ) {
                return bytes32(0);
            }


            return
                _getPermissionToSetLSP17Extension(
                    controlledContract,
                    inputDataKey
                );

Tools Used

manual

Recommended Mitigation Steps

Don’t let the check pass just because the user has both permissions; check whether an extension already exists for that function selector.
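
The check recommended above, as an added Python model (not code from the report or from the LUKSO repository). It sets the quoted shortcut branch beside a guarded add that always reads the target slot. The permission bit values, the key prefix bytes, the `add_extension` entry point and the sample addresses are constructed, and the model assumes `_getPermissionToSetLSP17Extension` requires the add permission for an empty slot and the change permission otherwise.

```python
# Python model of the LSP17 branch quoted above; all constants are constructed.
ADDEXTENSIONS = 0x08      # assumed bit value, for illustration only
CHANGEEXTENSIONS = 0x10   # assumed bit value, for illustration only
LSP17_PREFIX = bytes.fromhex("aa" * 10 + "0000")  # placeholder for _LSP17_EXTENSION_PREFIX


def extension_key(selector: bytes) -> bytes:
    """LSP17Extension:<bytes4>: 12-byte prefix + 4-byte selector, padded to 32 bytes."""
    if len(selector) != 4:
        raise ValueError("function selector must be exactly 4 bytes")
    return LSP17_PREFIX + selector + bytes(16)


def has_permission(granted: int, required: int) -> bool:
    return granted & required == required


def required_permission(store: dict, key: bytes, granted: int, shortcut: bool) -> int:
    """Permission still to be checked; 0 means the write passes without a storage read."""
    if shortcut and has_permission(granted, ADDEXTENSIONS | CHANGEEXTENSIONS):
        return 0  # branch from the report: target storage is never read
    # Assumed behaviour of _getPermissionToSetLSP17Extension: empty slot -> add, else change.
    return CHANGEEXTENSIONS if store.get(key) else ADDEXTENSIONS


def add_extension(store: dict, granted: int, selector: bytes, ext: str, guarded: bool) -> None:
    """Hypothetical 'add' entry point; guarded=True applies the recommended check."""
    key = extension_key(selector)
    needed = required_permission(store, key, granted, shortcut=not guarded)
    if guarded and needed == CHANGEEXTENSIONS:
        raise PermissionError("selector already has an extension; refusing to add")
    if needed and not has_permission(granted, needed):
        raise PermissionError("controller lacks the required permission")
    store[key] = ext


def demo() -> tuple:
    selector = bytes.fromhex("12345678")                      # constructed selector
    both = ADDEXTENSIONS | CHANGEEXTENSIONS
    unguarded = {extension_key(selector): "0xOldExtension"}   # constructed state
    add_extension(unguarded, both, selector, "0xNewExtension", guarded=False)
    guarded = {extension_key(selector): "0xOldExtension"}     # constructed state
    try:
        add_extension(guarded, both, selector, "0xNewExtension", guarded=True)
        rejected = False
    except PermissionError:
        rejected = True
    return unguarded[extension_key(selector)], guarded[extension_key(selector)], rejected
```

`demo()` returns the slot contents after the unguarded add, the slot contents after the guarded add, and whether the guarded add was rejected.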

Assessed type

Other

