code-423n4 / 2023-07-lens-findings


Migration of Profiles can fail due to difference in handle validity in V1 and V2 #166

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/libraries/MigrationLib.sol#L60

Vulnerability details

Impact

Profiles with certain types of handles in V1 cannot be migrated to V2.

Proof of Concept

In V1 and V2, the validity of handles is determined differently. Due to this, it is possible that some profiles have handles that are valid according to V1 validation but fail the validation when attempting to migrate to V2.

V1 Handle Validation : https://github.com/lens-protocol/core/blob/2c843f827d9614bf633e989facd877301d97ce8b/contracts/libraries/PublishingLogic.sol#L391

V2 Handle Validation for Migrating profiles: https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/namespaces/LensHandles.sol#L202

As an example: _hellov1 is a valid handle in V1. But this profile cannot be migrated to V2, as _ is not allowed as a starting character in V2.

Tools Used

Manual Review

Recommended Mitigation Steps

Use a compatible set of validations for V1 and V2.

Assessed type

Invalid Validation

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #56

donosonaumczuk commented 1 year ago

Lens V1 handle validity also takes into account the validations put on top by the ProfileCreationProxy, which is the only whitelisted profile creator in Lens V1 (there are two ProfileCreationProxy whitelisted with the same restrictions except for the handle lengths). Lens V2 migration validation takes them into account.

Replying to the given specific example, _hellov1 was not a valid handle in Lens V1, as the ProfileCreationProxy was disallowing the usage of _ as the starting character for a handle.

c4-sponsor commented 1 year ago

donosonaumczuk marked the issue as sponsor disputed

c4-judge commented 1 year ago

Picodes marked the issue as selected for report

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Insufficient proof

Picodes commented 1 year ago

Closing for "insufficient proof" as it seems the sponsor is correct and these handles in fact don't exist in V1
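
The disagreement in this thread comes down to which V1 checks a handle had to pass at creation time. The following differential check is an added example, not code from the report or from Lens; the function names and the allowed character set are hypothetical simplifications, and only the leading-underscore rule is taken from the thread.

```python
# Differential check: which handles could have been created under V1
# but would be rejected by the V2 migration validation?
# All rule bodies below are simplified assumptions for illustration.

ALLOWED = set("abcdefghijklmnopqrstuvwxyz0123456789_-")  # assumed charset


def v1_core_valid(handle):
    """Assumed stand-in for the V1 library check: charset only."""
    return bool(handle) and set(handle) <= ALLOWED


def v1_proxy_valid(handle):
    """Assumed stand-in for the extra ProfileCreationProxy rule
    described by the sponsor: no leading underscore."""
    return bool(handle) and handle[0] != "_"


def v2_migration_valid(handle):
    """Assumed stand-in for the V2 migration check: charset plus
    no leading underscore."""
    return v1_core_valid(handle) and handle[0] != "_"


def migration_blockers(handles, creation_checks):
    """Return handles that pass every creation-path check yet fail V2."""
    return [
        h for h in handles
        if all(check(h) for check in creation_checks)
        and not v2_migration_valid(h)
    ]


# Constructed sample handles, not taken from chain data.
SAMPLE = ["hellov1", "_hellov1", "lens-dev", "a_b", "Bad!"]

if __name__ == "__main__":
    # Library check alone: the reported handle looks like a blocker.
    print(migration_blockers(SAMPLE, [v1_core_valid]))
    # Library check plus the whitelisted creator's rule: no blockers.
    print(migration_blockers(SAMPLE, [v1_core_valid, v1_proxy_valid]))
```

Running the same comparison over the handles that actually exist on chain, with every check on the creation path included, is the kind of evidence that would settle whether a mismatch is reachable.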