code-423n4 / 2023-07-lens-findings


QA Report #168

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

c4-judge commented 1 year ago

Picodes marked the issue as grade-a

c4-judge commented 1 year ago

Picodes marked the issue as selected for report

Picodes commented 1 year ago

For the report:

L-10: can be changed to NC as discussed here https://github.com/code-423n4/2023-07-lens-findings/issues/166. L-12: can be changed to NC in the absence of an example.

Note as well #138, #139 among downgraded findings.

Overall outstanding work!

thebrittfactor commented 9 months ago

For transparency, the sponsor has responded via outside communications with the following comments:

[L-05] It does not apply, it is a feature by design, not an issue at all, and no risk involved.

[L-06] Does not make sense, you can always add checks for things that your business logic does not allow, but what is the point? A mirror cannot initialize a publication action, and that's part of the core business logic, so no extra checks needed.

[N-06] That is perfectly fine and fair! This is not an issue.

donosonaumczuk commented 9 months ago

[L-05] This is by design. Also "switching back to a previous config might potentially give the previous owner the ability to steal the profile" is invalid, as delegated executors have only rights over social operations (e.g. post, comment, follow, etc.) but not over asset operations (e.g. approve, transferFrom, etc.).

donosonaumczuk commented 9 months ago

[L-06] Does not make sense, you can always add checks for things that your business logic does not allow, but what is the point? A mirror cannot initialize a publication action, and that's part of the core business logic, so no extra checks needed.