code-423n4 / 2023-07-lens-findings


Follow still exists even after profile is burned #88

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/05a19c19e41a2057334b92a8d6892378c649621a/contracts/base/LensProfiles.sol#L93-L100 https://github.com/code-423n4/2023-07-lens/blob/68809f077ae9239a40409f69257d100c29d6ff23/contracts/LensHub.sol#L368-L379

Vulnerability details

Impact

Follows still exist even after the profile is burned, making follow data unreal.

Proof of Concept

It seems that the user can burn his profile freely, even if he has followed people. If a user burns his profile, we should erase his data; unfollow logic after burn is necessary.

Tools Used

manual

Recommended Mitigation Steps

Add unfollow logic after burn.

Assessed type

Context

141345 commented 1 year ago

Not a bug; many social media platforms have "deleted account" followers.

More like a design choice, or at most QA.

vicnaum commented 1 year ago

This is by-design, because performing unfollowing logic if the burnt user had 100 000 followers is unreal considering the gas spending. We have this comment in code describing that the followerCount might be inaccurate in case of burned profile:

https://github.com/code-423n4/2023-07-lens/blob/5f63c08a79b6965d27df3a109f1e2a417115afc3/contracts/FollowNFT.sol#L29-L30
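As an added illustration of the trade-off vicnaum describes (a hypothetical simplified model, not Lens code; the `FollowModel` contract and its functions are assumptions), this contrasts eager cleanup on burn with the lazy approach of tolerating a stale `followerCount` and filtering burned profiles at read time:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical simplified follow registry (not Lens code). Contrasts eager
// cleanup on burn (unbounded loop) with the lazy approach Lens takes:
// keep a possibly stale followerCount and filter burned profiles at read time.
contract FollowModel {
    mapping(uint256 => bool) public profileExists;                   // profileId => exists
    mapping(uint256 => mapping(uint256 => bool)) public isFollowing; // follower => target
    mapping(uint256 => uint256) public followerCount;                // target => count (may be stale)
    mapping(uint256 => uint256[]) private followed;                  // follower => targets (eager path only)

    function createProfile(uint256 profileId) external {
        profileExists[profileId] = true;
    }

    function follow(uint256 followerId, uint256 targetId) external {
        require(profileExists[followerId] && profileExists[targetId], "no profile");
        require(!isFollowing[followerId][targetId], "already following");
        isFollowing[followerId][targetId] = true;
        followerCount[targetId] += 1;
        followed[followerId].push(targetId);
    }

    // Lazy burn: O(1). Targets' followerCount is now stale by design.
    function burnLazy(uint256 followerId) external {
        profileExists[followerId] = false;
    }

    // Eager burn: O(n) over every follow held by the profile. With enough
    // follows the loop exceeds the block gas limit and the burn reverts;
    // the same unbounded cost applies if the burned profile's own followers
    // had to be cleaned up instead.
    function burnEager(uint256 followerId) external {
        uint256[] storage list = followed[followerId];
        for (uint256 i = 0; i < list.length; i++) {
            isFollowing[followerId][list[i]] = false;
            followerCount[list[i]] -= 1;
        }
        delete followed[followerId];
        profileExists[followerId] = false;
    }

    // Read-time filter: only count a follow whose follower still exists.
    function isActiveFollow(uint256 followerId, uint256 targetId) external view returns (bool) {
        return profileExists[followerId] && isFollowing[followerId][targetId];
    }
}
```

Indexers or front-ends that need an accurate count can recompute it from `isActiveFollow` off-chain rather than trusting the on-chain counter after burns.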

c4-sponsor commented 1 year ago

vicnaum marked the issue as sponsor disputed

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid