code-423n4 / 2023-07-lens-findings


The onlyProfileOwnerOrDelegatedExecutor and whenNotPaused checks can be bypassed #155

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/main/contracts/libraries/ProfileLib.sol#L105
https://github.com/code-423n4/2023-07-lens/blob/main/contracts/libraries/ProfileLib.sol#L96
https://github.com/code-423n4/2023-07-lens/blob/main/contracts/libraries/ProfileLib.sol#L204
https://github.com/code-423n4/2023-07-lens/blob/main/contracts/libraries/ProfileLib.sol#L81

Vulnerability details

Impact

The LensHub.sol functions setProfileMetadataURI(), setProfileMetadataURIWithSig(), setFollowModule(), setFollowModuleWithSig(), collect(), collectWithSig(), act(), actWithSig(), setProfileImageURI(), setProfileImageURIWithSig() and others use onlyProfileOwnerOrDelegatedExecutor modifiers and whenNotPaused. However, modifier checking can be bypassed by calling these functions directly in the libraries.

Proof of Concept

Callable functions in libraries are external and do not check the calling address:

https://github.com/code-423n4/2023-07-lens/blob/main/contracts/libraries/ProfileLib.sol#L105
https://github.com/code-423n4/2023-07-lens/blob/main/contracts/libraries/ProfileLib.sol#L96
https://github.com/code-423n4/2023-07-lens/blob/main/contracts/libraries/ProfileLib.sol#L204
https://github.com/code-423n4/2023-07-lens/blob/main/contracts/libraries/ProfileLib.sol#L81

And others.

Tools Used

VSCode

Recommended Mitigation Steps

Check in libraries that they are called by the LensHub.sol contract

Assessed type

Access Control

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

141345 commented 1 year ago

lib func cannot be directly called

Picodes commented 1 year ago

external in library means DELEGATECALL instead of inlining the code.
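
The DELEGATECALL behaviour described in the comment above, as an added example that is not part of the thread and is not Lens Protocol code. `MetaLib`, `Hub` and `DirectCallCheck` are hypothetical names; the example assumes Solidity 0.8.x, where the compiler adds call protection to non-view library functions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// All names here are hypothetical; this is not Lens Protocol code.
library MetaLib {
    struct Store { mapping(uint256 => string) uri; }

    // Fixed slot, resolved in the storage of whichever contract is executing.
    function _store() private pure returns (Store storage s) {
        bytes32 slot = keccak256("example.metadata.store");
        assembly { s.slot := slot }
    }

    // external: the hub reaches this through DELEGATECALL, so the write lands
    // in the hub's storage and msg.sender is still the hub's caller.
    function setURI(uint256 id, string calldata uri) external {
        _store().uri[id] = uri;
    }

    // internal: inlined into the calling contract at compile time.
    function getURI(uint256 id) internal view returns (string memory) {
        return _store().uri[id];
    }
}

contract Hub {
    address public immutable owner;
    bool public paused;

    constructor() { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier whenNotPaused() { require(!paused, "paused"); _; }

    function setURI(uint256 id, string calldata uri) external onlyOwner whenNotPaused {
        MetaLib.setURI(id, uri); // DELEGATECALL into the deployed MetaLib
    }

    function getURI(uint256 id) external view returns (string memory) {
        return MetaLib.getURI(id);
    }
}

contract DirectCallCheck {
    // Returns false: a plain CALL into a non-view library function reverts
    // (compiler-generated call protection), so Hub storage is never touched.
    function directCallSucceeds(address lib) external returns (bool ok) {
        (ok, ) = lib.call(abi.encodeWithSignature("setURI(uint256,string)", uint256(1), "x"));
    }
}
```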

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid