Closed code423n4 closed 1 year ago
This behaviour is intended (accepting lowercase only), but we should leave a comment to document this. Issue should be QA.
vicnaum marked the issue as disagree with severity
Picodes changed the severity to QA (Quality Assurance)
Picodes marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/namespaces/LensHandles.sol#L250
Vulnerability details
Impact
Severity: Medium
Likelihood: High
Description
The _isAlphaNumeric function in the LensHandles.sol contract does not correctly handle uppercase letters. This function is intended to check if a given string is alphanumeric, but due to the current implementation, it fails to recognize uppercase letters as valid alphanumeric characters. This could lead to unexpected behavior if the function is used to validate user inputs or other strings that may contain uppercase letters.
Tools Used
Manual Code Review
Recommendation
It is recommended to adjust the _isAlphaNumeric function to correctly handle uppercase letters. This could be achieved by converting the input string to lowercase before performing the alphanumeric check, or by adjusting the check itself to include the range of ASCII values for uppercase letters.
Recommended Mitigation Steps