code-423n4 / 2023-07-lens-findings


Incorrect Incrementation of Follower Count in _replaceFollower Function #129

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L379

Vulnerability details

Impact

In the _replaceFollower function, the follower count (_followerCount) is incremented whenever currentFollowerProfileId equals 0. This implementation seems flawed, as the function's purpose is to replace a current follower with a new one, not to add a new follower.

As a result, the _followerCount is even more inaccurate.

Proof of Concept

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L379

Tools Used

None

Recommended Mitigation Steps

Revise the _replaceFollower function to ensure the _followerCount remains constant when a follower is replaced. The _followerCount should only be incremented when a follower is genuinely added.

Assessed type

Math

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

141345 commented 1 year ago

invalid

Follower count only increases if the token does not have a follower now.

File: contracts\FollowNFT.sol
373:         if (currentFollowerProfileId != 0) {
374:             // As it has a follower, unfollow first, removing the current follower.
375:             delete _followTokenIdByFollowerProfileId[currentFollowerProfileId];
376:             ILensHub(HUB).emitUnfollowedEvent(currentFollowerProfileId, _followedProfileId);
377:         } else {
378:             unchecked {
379:                 _followerCount++;
380:             }
381:         }
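The counting rule in the snippet above, as an added worked model that is not code from the Lens repository or from either commenter: a toy Python state machine that mirrors the shown branch of _replaceFollower and checks the invariant that _followerCount equals the number of follow tokens whose followerProfileId is non-zero. The mint and unfollow helpers, the idea that an unfollowed token keeps an empty slot (followerProfileId == 0) which a later follow re-occupies through _replaceFollower, and the write of the new follower after the shown branch are assumptions about surrounding code that is not on this page. The second scenario applies the report's recommended mitigation (never increment inside _replaceFollower) to the same model to show why the count would then drift.

```python
"""Toy model of FollowNFT follower-count bookkeeping (constructed example).

Assumed state outside the quoted lines: a follow token may exist with no
follower (followerProfileId == 0), e.g. after its holder unfollows; a later
follow that reuses that token id goes through _replaceFollower.
"""


class FollowNFTModel:
    def __init__(self) -> None:
        self.follower_count = 0          # models _followerCount
        self.follower_of_token = {}      # followTokenId -> followerProfileId (0 = none)
        self.token_of_follower = {}      # followerProfileId -> followTokenId
        self.events = []                 # (name, profileId) emitted, for inspection

    def mint(self, token_id: int, follower_profile_id: int) -> None:
        # Assumption: minting a fresh token for a new follower bumps the count.
        assert token_id not in self.follower_of_token, "token already exists"
        self.follower_of_token[token_id] = follower_profile_id
        self.token_of_follower[follower_profile_id] = token_id
        self.follower_count += 1
        self.events.append(("Followed", follower_profile_id))

    def unfollow(self, follower_profile_id: int) -> None:
        # Assumption: unfollow clears the follower but keeps the token slot,
        # and decrements the count there (the decrement is not in the snippet).
        token_id = self.token_of_follower.pop(follower_profile_id)
        self.follower_of_token[token_id] = 0
        self.follower_count -= 1
        self.events.append(("Unfollowed", follower_profile_id))

    def replace_follower(self, token_id: int, new_follower_profile_id: int) -> None:
        current = self.follower_of_token[token_id]
        if current != 0:
            # Lines 373-376 of the snippet: token has a follower, unfollow it
            # first. The count is unchanged: one follower out, one in.
            del self.token_of_follower[current]
            self.events.append(("Unfollowed", current))
        else:
            # Lines 377-380: token had no follower, so a follower is genuinely
            # being added and the count goes up.
            self.follower_count += 1
        # Assumed tail of the function: record the new follower.
        self.follower_of_token[token_id] = new_follower_profile_id
        self.token_of_follower[new_follower_profile_id] = token_id
        self.events.append(("Followed", new_follower_profile_id))

    def actual_followers(self) -> int:
        return sum(1 for f in self.follower_of_token.values() if f != 0)

    def invariant_holds(self) -> bool:
        return self.follower_count == self.actual_followers()


class MitigatedModel(FollowNFTModel):
    """Applies the report's suggestion: never increment in _replaceFollower."""

    def replace_follower(self, token_id: int, new_follower_profile_id: int) -> None:
        current = self.follower_of_token[token_id]
        if current != 0:
            del self.token_of_follower[current]
            self.events.append(("Unfollowed", current))
        # no else-branch increment
        self.follower_of_token[token_id] = new_follower_profile_id
        self.token_of_follower[new_follower_profile_id] = token_id
        self.events.append(("Followed", new_follower_profile_id))


def run_scenario(model: FollowNFTModel) -> tuple:
    """Constructed sequence: two follows, one replacement, one unfollow,
    then a follow that reuses the emptied token. Returns
    (count_after_replace, final_count, final_actual, invariant_ok)."""
    model.mint(1, 100)                 # profile 100 follows with token 1
    model.mint(2, 200)                 # profile 200 follows with token 2
    model.replace_follower(1, 300)     # token 1 changes hands: 100 -> 300
    count_after_replace = model.follower_count
    model.unfollow(200)                # token 2 now has followerProfileId 0
    model.replace_follower(2, 400)     # 400 follows via the empty token 2
    return (count_after_replace, model.follower_count,
            model.actual_followers(), model.invariant_holds())


if __name__ == "__main__":
    print("as written  :", run_scenario(FollowNFTModel()))
    print("never incr. :", run_scenario(MitigatedModel()))
```

Replacing a live follower leaves the count at 2 in both models; the difference shows only when the token being filled had no follower, which is exactly the branch the snippet increments in. Under the suggested mitigation the model ends with _followerCount == 1 while two tokens carry followers.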

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid