Open code423n4 opened 2 years ago
Constructor issue solved in https://github.com/aave/lens-protocol/pull/80, initialization is a tradeoff we're willing to take, since the hub is only initialized at proxy construction, an error here would mean redeployment as far as I can tell, which is alright. The reason we implemented the checks in constructors is because constructors are not part of the runtime code, so don't affect the code size.
Handle stuff is meant to be delegated to whitelisted profile creators.
Low
There is a common practice of not checking the inputs during the construction of the contracts (
constructor
)There is a common practice of not checking the inputs during the initialization of the contracts (
initialize
)Logic around handle verification is not completely secure, it's allow handles like
.......