code-423n4 / 2022-04-backd-findings


_revokeRole doesn't remove account from roleMember set #164

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/access/RoleManager.sol#L155

Vulnerability details

Impact

The function doesn't remove the address from the _roleMembers[role] set, which will mess up the roleCount

Proof of Concept

Tools Used

Recommended Mitigation Steps

_roles[role].members[account] = false;  // clear the membership flag
_roleMembers[role].remove(account);     // also drop the account from the enumerable member set

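The inconsistency the finding describes, as an added stand-alone illustration (this is not Backd's RoleManager and not the warden's code; the contract name, ROLE constant, getter names and the inlined swap-and-pop set are all assumed for the example). A role manager keeps two views of membership: a per-role boolean mapping that `hasRole` reads, and a per-role enumerable set that the member count and `getRoleMember` read. A revoke that clears only the boolean leaves the set, and therefore the count and enumeration, reporting a member that `hasRole` denies; the mitigation removes the entry from both.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Reduced model of a role manager with two membership views. Added example,
/// not Backd's RoleManager; every identifier here is assumed for illustration.
contract RoleManagerDemo {
    bytes32 public constant ROLE = keccak256("EXAMPLE_ROLE");

    // View 1: the flag hasRole() consults.
    mapping(bytes32 => mapping(address => bool)) private _members;

    // View 2: a minimal enumerable address set (swap-and-pop), inlined so the
    // example needs no external library. Add/remove are idempotent no-ops when
    // the account is already present / already absent.
    mapping(bytes32 => address[]) private _roleMembers;
    mapping(bytes32 => mapping(address => uint256)) private _indexPlusOne;

    function _setAdd(bytes32 role, address account) private {
        if (_indexPlusOne[role][account] != 0) return;
        _roleMembers[role].push(account);
        _indexPlusOne[role][account] = _roleMembers[role].length;
    }

    function _setRemove(bytes32 role, address account) private {
        uint256 idxPlusOne = _indexPlusOne[role][account];
        if (idxPlusOne == 0) return;
        address[] storage list = _roleMembers[role];
        uint256 last = list.length - 1;
        uint256 idx = idxPlusOne - 1;
        if (idx != last) {
            address moved = list[last];
            list[idx] = moved;
            _indexPlusOne[role][moved] = idxPlusOne;
        }
        list.pop();
        delete _indexPlusOne[role][account];
    }

    function hasRole(bytes32 role, address account) public view returns (bool) {
        return _members[role][account];
    }

    function getRoleMemberCount(bytes32 role) public view returns (uint256) {
        return _roleMembers[role].length;
    }

    function getRoleMember(bytes32 role, uint256 index) public view returns (address) {
        return _roleMembers[role][index];
    }

    function grantRole(bytes32 role, address account) public {
        if (!hasRole(role, account)) {
            _members[role][account] = true;
            _setAdd(role, account);
        }
    }

    /// The pattern the finding describes: only the boolean is cleared.
    function revokeRoleBuggy(bytes32 role, address account) public {
        _members[role][account] = false;
    }

    /// The mitigation: clear the flag and drop the set entry together.
    function revokeRoleFixed(bytes32 role, address account) public {
        _members[role][account] = false;
        _setRemove(role, account);
    }

    /// Runs one grant/revoke cycle with each variant and returns what the two
    /// views report: (buggyCount, buggyHasRole, fixedCount).
    function demo(address account)
        external
        returns (uint256 buggyCount, bool buggyHasRole, uint256 fixedCount)
    {
        grantRole(ROLE, account);
        revokeRoleBuggy(ROLE, account);
        buggyCount = getRoleMemberCount(ROLE); // 1: the set still lists the account
        buggyHasRole = hasRole(ROLE, account); // false: the flag says it is gone
        // getRoleMember(ROLE, 0) == account here, so any caller that iterates
        // members (e.g. to list current admins) sees a revoked address.

        grantRole(ROLE, account);              // idempotent set add: count stays 1
        revokeRoleFixed(ROLE, account);
        fixedCount = getRoleMemberCount(ROLE); // 0: both views agree again
    }
}
```

Calling `demo(someAddress)` on a fresh deployment returns `(1, false, 0)`: after the buggy revoke the count and enumeration still include the account while `hasRole` is false, and after the fixed revoke both views are empty. With a set that is not idempotent on add (a bare array push), the re-grant after a buggy revoke would also create a duplicate entry, inflating the count further.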
gzeoneth commented 2 years ago

Low probability and asset will not be lost directly. Judging this and all duplicates as Med Risk.

gzeoneth commented 2 years ago

I believe #83 described this better.

chase-manning commented 2 years ago

https://github.com/backdfund/protocol/pull/279