search

code-423n4 / 2023-07-lens-findings

0 stars 0 forks source link

Migration of Profiles can fail due to existance of same handle #170

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/libraries/MigrationLib.sol#L60

Vulnerability details

Impact

Some profiles cannot be migrated to V2 if their handle tokenId has already been minted.

Proof of Concept

A handle can be minted in the LensHandles contract before a profile that would have the same handle is migrated from V1.

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/namespaces/LensHandles.sol#L87-L94

When the profile attempts to migrate, it would revert since the handle tokenId has already been minted. Hence the profile will be unable to migrate to V2.

Tools Used

Manual Review

Recommended Mitigation Steps

Before minting a handle check whether it belongs to a V1 profile.

Assessed type

Other

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #143

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory