code-423n4 / 2023-07-lens-findings


The processBlock() function does the wrapping process wrongly #187

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L196-L208

Vulnerability details

Impact

The blocking process in the FollowNFT contract needs to wrap the token first, but it does the wrapping process wrongly. The wrapping process in the _wrap() function updates some state and then mints the token, but if you look at the processBlock() function, it just mints the token and doesn't do anything else.

Proof of Concept

instance:

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L196-L208

function processBlock(uint256 followerProfileId) external override onlyHub returns (bool) {
    bool hasUnfollowed;
    uint256 followTokenId = _followTokenIdByFollowerProfileId[followerProfileId];
    if (followTokenId != 0) {
        if (!_isFollowTokenWrapped(followTokenId)) {
            // Wrap it first, so the user stops following but does not lose the token when being blocked.
            _mint(IERC721(HUB).ownerOf(followerProfileId), followTokenId);
        }
        _unfollow(followerProfileId, followTokenId);
        hasUnfollowed = true;
    }
    return hasUnfollowed;
}

and as you see, the deletion done for an unwrapped token is not happening in the above function,

this part

delete _followDataByFollowTokenId[followTokenId].profileIdAllowedToRecover;

Tools Used

vscode

Recommended Mitigation Steps

Assessed type

Other

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

141345 commented 1 year ago

invalid

expected behavior

Picodes commented 1 year ago

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/FollowNFT.sol#L416

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid