oneski
commented
2 years ago Decline. This is by design. Collect modules can be created that prohibit this behavior, but collecting a publication multiple times is valid.
Closed code423n4 closed 2 years ago
oneski
commented
2 years ago Decline. This is by design. Collect modules can be created that prohibit this behavior, but collecting a publication multiple times is valid.
tabshaikh
commented
2 years ago duplicate of #35
Lines of code
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/libraries/InteractionLogic.sol#L97
Vulnerability details
Impact
The
InteractionLogic.collectfunction does not check if the collector already collected the publication. They can be collected several times by the same collector.Recommended Mitigation Steps
Ensure that the caller has not already collected the
pubId.