Open hats-bug-reporter[bot] opened 1 week ago
Thank you for your report on the avatar insertion during migration. After careful review, we've determined that this is not an issue.
The behavior you've observed is due to the intentional design of our avatar storage system. Avatars are stored as a linked list to ensure iterability. This structure allows for efficient traversal and management of avatars within our system.
We appreciate your attention to detail in examining our migration process. Your thorough analysis of our data structures contributes to the overall understanding of our system's architecture. Thank you for your diligence in reviewing our implementation.
Github username: @djanerch
Twitter username: djanerch
Submission hash (on-chain): 0x6179b76a8054492237dee10e3bdfa3bd18bec3276a3c05b6f8b968eb94868e0b
Severity: medium
Description:

When the `_insertAvatar` function is called, a new avatar is inserted into the `avatars` array. However, the function is implemented incorrectly. It should record the new avatars and associate them with their respective addresses. Instead, it incorrectly associates the last inserted address with the new record, rather than using the correct address.

Attack Scenario

Let's assume we are working with the address `0x10` and the last added address is `0x9`. The function will create a record for `avatars[0x10]` but assign it the value of `0x9`, causing the wrong address to be recorded. As a result, during migration, our address will not be updated correctly.

For instance, in the following part of the `migrate` function, where the user passes an array of avatars (which may come from the internal `avatars` array), the function iterates over the array and retrieves the recorded addresses. Due to the incorrect recording, the last address will not be updated:

This will result in an incorrect migration where the last recorded avatar address is not properly updated.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
Files:
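The thread turns on what the value stored under an avatar's key means. The following is an added example, not the project's code and not part of the report or the reply: a Python model of a linked list kept in an address-to-address mapping, using the `0x8`, `0x9`, `0x10` addresses from the scenario. The `SENTINEL` value, the class and the method names are assumptions made for illustration.

```python
# Model of a sentinel-headed singly linked list stored in a mapping.
# SENTINEL and all names here are assumptions, not taken from the project.
SENTINEL = 0x1   # assumed head marker
ZERO = 0x0       # default value of an unset mapping slot


class AvatarList:
    def __init__(self):
        # Empty list: the head points back to itself.
        self.avatars = {SENTINEL: SENTINEL}

    def insert(self, avatar):
        """Push `avatar` at the head; its slot stores the previous head."""
        if avatar in (ZERO, SENTINEL):
            raise ValueError("reserved address")
        if self.avatars.get(avatar, ZERO) != ZERO:
            raise ValueError("avatar already registered")
        self.avatars[avatar] = self.avatars[SENTINEL]  # next pointer
        self.avatars[SENTINEL] = avatar                # new head

    def is_registered(self, avatar):
        # Membership is "slot is non-zero", not "slot equals its own key".
        return avatar != SENTINEL and self.avatars.get(avatar, ZERO) != ZERO

    def iterate(self):
        """Walk from the head until the sentinel is reached again."""
        out, cur = [], self.avatars[SENTINEL]
        while cur != SENTINEL:
            out.append(cur)
            cur = self.avatars[cur]
        return out


def build_scenario():
    # Constructed sample: 0x9 is the last address added before 0x10.
    reg = AvatarList()
    for addr in (0x8, 0x9, 0x10):
        reg.insert(addr)
    return reg


if __name__ == "__main__":
    reg = build_scenario()
    print(hex(reg.avatars[0x10]), [hex(a) for a in reg.iterate()])
```

In this layout `avatars[0x10]` holding `0x9` is the next pointer of the entry for `0x10`, and walking from the head still visits every inserted address exactly once.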