Open code423n4 opened 2 years ago
Will be changed to use the new exists() terminology. Valid!
Correction, we won't be using exists() to prevent extra calls, adding this comment!
Resolved in https://github.com/aave/lens-protocol/pull/69
Nice find!
Lines of code
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/libraries/InteractionLogic.sol#L49
Vulnerability details
When someone tries to follow a profile, it checks if the handle exists, and if it doesn't, it reverts because the profile is deleted. The problem is that there might be a new profile with the same handle as the deleted one, allowing following deleted profiles.
Proof of Concept
Alice creates a profile with the handle "alice". The profile id is 1. She deleted the profile. She opens a new profile with the handle "alice". The new profile id is 2. Bob tries to follow the deleted profile (id is 1). The check
doesn't revert because there exists a profile with the handle "alice". Therefore Bob followed a deleted profile when he meant to follow the new profile.
Recommended Mitigation Steps
change to:
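The Alice/Bob sequence from the proof of concept, replayed against a simplified model. This is an added example, not part of the original report and not the Lens Protocol code or the fix merged in the linked pull request. All names (`ProfileRegistry`, `follow_handle_check`, `follow_id_check`, `replay_poc`) are hypothetical, and the model assumes a deleted profile id keeps its stored handle while only the handle-to-id entry is cleared.

```python
# Simplified model of a profile registry (hypothetical names, not Lens code).
class ProfileRegistry:
    def __init__(self):
        self.profile_by_id = {}   # id -> handle; kept after deletion (assumption)
        self.id_by_handle = {}    # handle -> id of the live profile using it
        self.followers = {}       # id -> set of follower names
        self.next_id = 1

    def create(self, handle):
        if handle in self.id_by_handle:
            raise ValueError("handle taken")
        pid = self.next_id
        self.next_id += 1
        self.profile_by_id[pid] = handle
        self.id_by_handle[handle] = pid
        return pid

    def delete(self, pid):
        # Only the handle -> id entry is cleared; the id's stored handle remains.
        del self.id_by_handle[self.profile_by_id[pid]]

    def follow_handle_check(self, follower, pid):
        # Check as the report describes it: "does a profile with this handle exist?"
        handle = self.profile_by_id.get(pid)
        if handle not in self.id_by_handle:
            raise LookupError("profile does not exist")
        self.followers.setdefault(pid, set()).add(follower)

    def follow_id_check(self, follower, pid):
        # Stricter check: the handle must currently map back to this exact id.
        handle = self.profile_by_id.get(pid)
        if self.id_by_handle.get(handle) != pid:
            raise LookupError("profile does not exist")
        self.followers.setdefault(pid, set()).add(follower)


def replay_poc(follow_name):
    """Replay the PoC; return True if following deleted id 1 succeeds."""
    reg = ProfileRegistry()
    old = reg.create("alice")   # profile id 1
    reg.delete(old)
    reg.create("alice")         # profile id 2 reuses the handle
    try:
        getattr(reg, follow_name)("bob", old)
        return True
    except LookupError:
        return False
```
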