search

code-423n4 / 2023-07-lens-findings

0 stars 0 forks source link

the unfollow contract does random unfollow process of random follow token. #183

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L104-L105

Vulnerability details

Impact

in the FollowNft.sol we have to unfollow function this function is supposed to do unfollow process but as you see the followTokenId variable just returns one random follow id with profile id through mapping and there is no option to select which follow nft id user wants to unfollow.

Proof of Concept

instance:

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L103-L128 

 function unfollow(uint256 unfollowerProfileId, address transactionExecutor) external override onlyHub {
        uint256 followTokenId = _followTokenIdByFollowerProfileId[unfollowerProfileId];
        if (followTokenId == 0) {
            revert NotFollowing();
        }
        address followTokenOwner = _unsafeOwnerOf(followTokenId);
        if (followTokenOwner == address(0)) {
            // Follow token is unwrapped.
            // Unfollowing and allowing recovery.
            _unfollow({unfollower: unfollowerProfileId, followTokenId: followTokenId});
            _followDataByFollowTokenId[followTokenId].profileIdAllowedToRecover = unfollowerProfileId;
        } else {
            // Follow token is wrapped.
            address unfollowerProfileOwner = IERC721(HUB).ownerOf(unfollowerProfileId);
            // Follower profile owner or its approved delegated executor must hold the token or be approved-for-all.
            if (
                (followTokenOwner != unfollowerProfileOwner) &&
                (followTokenOwner != transactionExecutor) &&
                !isApprovedForAll(followTokenOwner, transactionExecutor) &&
                !isApprovedForAll(followTokenOwner, unfollowerProfileOwner)
            ) {
                revert DoesNotHavePermissions();
            }
            _unfollow({unfollower: unfollowerProfileId, followTokenId: followTokenId});
        }
    }

Tools Used

vs code

Recommended Mitigation Steps

Assessed type

Other

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

141345 commented 1 year ago

invalid

need to provide unfollowerProfileId

141345 commented 1 year ago

invalid

need to provide unfollowerProfileId

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Insufficient quality