Closed code423n4 closed 2 years ago
pauliax
function removeOperator has this check:
(i > 0, "NestedFactory::removeOperator: Cant remove non-existent operator");
However, 0 is actually a valid index of the array. It represents the first operator.
A potential solution is to use the EnumerableSet to manage the operators: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/structs/EnumerableSet.sol
Duplicated : #58
Duplicate of #220
Handle
pauliax
Vulnerability details
Impact
function removeOperator has this check:
However, 0 is actually a valid index of the array. It represents the first operator.
Recommended Mitigation Steps
A potential solution is to use the EnumerableSet to manage the operators: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/structs/EnumerableSet.sol