search

code-423n4 / 2022-02-nested-findings

0 stars 0 forks source link

Wrong implementation of OperatorResolver::areOperatorsImported #78

Closed harleythedogC4 closed 2 years ago

harleythedogC4 commented 2 years ago

This issue has been created to upgrade a QA report submission to a medium severity finding. From kenzo:

Wrong implementation of OperatorResolver::areOperatorsImported The function as implemented will return true if the operators have same implementation but different selector, or different implementation but same selector. This might cause users/admins to think an upgrade has happened successfully when it fact it was not. Code ref:

        if (
            operators[names[i]].implementation != destinations[i].implementation &&
            operators[names[i]].selector != destinations[i].selector
        ) {
            return false;
        }

The condition should be ||, not &&.

harleythedogC4 commented 2 years ago

And this is a duplicate of #17.