in the FollowNft.sol we have to unfollow function this function is supposed to do unfollow process but as you see the followTokenId variable just returns one random follow id with profile id through mapping and there is no option to select which follow nft id user wants to unfollow.
Lines of code
https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L104-L105
Vulnerability details
Impact
in the FollowNft.sol we have to unfollow function this function is supposed to do unfollow process but as you see the
followTokenId
variable just returns one random follow id with profile id through mapping and there is no option to select which follow nft id user wants to unfollow.Proof of Concept
instance:
https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L103-L128
Tools Used
vs code
Recommended Mitigation Steps
Assessed type
Other