A handle consisting only of dots . can be created in PublishingLogic._validateHandle.
I believe the intention was to have at least 1 alpha-numeric character in the handle and only use the . as a separator.
for (uint256 i = 0; i < byteHandle.length; ++i) {
if (
(byteHandle[i] < '0' ||
byteHandle[i] > 'z' ||
(byteHandle[i] > '9' && byteHandle[i] < 'a')) && byteHandle[i] != '.'
) revert Errors.HandleContainsInvalidCharacters();
}
Lines of code
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/libraries/PublishingLogic.sol#L407
Vulnerability details
Impact
A handle consisting only of dots
.
can be created inPublishingLogic._validateHandle
. I believe the intention was to have at least 1 alpha-numeric character in the handle and only use the.
as a separator.Recommended Mitigation Steps
Check that the
handle
does not consist of only.
.