Description
In ManagedNFTManagerUpgradeable.sol, the Managed NFT admin can only add NFTs to the whitelist array. However, it is missing the functionality to remove whitelisted NFTs. If any whitelisted token NFT has an issue, it cannot be removed from the list.
Attack Scenario
Whitelisted NFTs have voting privileges, such as being able to vote during the distribution window. This can be found in VoterUpgradeableV1_2.sol.
The impact of this vulnerability is the following:
Permanent Privileged Access: Whitelisted NFTs have special voting privileges, including the ability to vote during the distribution window when regular NFTs cannot. If a whitelisted NFT becomes compromised or its owner becomes malicious, there's no way to revoke these privileges.
Manipulation of Voting Process: Since whitelisted NFTs can vote during the distribution window, a compromised or malicious whitelisted NFT could potentially manipulate voting outcomes by casting last-minute votes when other participants can't react.
Inability to Respond to Security Threats: If a vulnerability is discovered in a specific whitelisted NFT, or if its private key is compromised, the protocol has no mechanism to quickly remove its privileged status, leaving the system exposed.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
The following function can be added to remove whitelisted NFTs.
GitHub username: @rilwan99
Twitter username: Ril11111
Submission hash (on-chain): 0x5d236dc878c81b5201a3e978ea31fcd16d8b2b4fe78166791913b79ea616b82d
Severity: low
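The submitter's revised code file is not reproduced on this page. As an added illustration (not the submitter's code and not the project's own), the sketch below shows one way an admin-gated whitelist can support revocation, assuming the whitelist is kept as an array with an index mapping. The contract name, function names, events and the single-address admin check are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration: every name here is hypothetical, not the project's API.
contract WhitelistSketch {
    address public immutable admin;            // stands in for the Managed NFT admin role
    uint256[] private _whitelist;              // whitelisted token ids
    mapping(uint256 => uint256) private _pos;  // token id => index + 1 (0 means absent)

    event WhitelistedNFTAdded(uint256 indexed tokenId);
    event WhitelistedNFTRemoved(uint256 indexed tokenId);

    error NotAdmin();
    error AlreadyWhitelisted(uint256 tokenId);
    error NotWhitelisted(uint256 tokenId);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor() { admin = msg.sender; }

    /// The voting contract would consult this before allowing a vote
    /// during the distribution window.
    function isWhitelistedNFT(uint256 tokenId) public view returns (bool) {
        return _pos[tokenId] != 0;
    }

    function addWhitelistedNFT(uint256 tokenId) external onlyAdmin {
        if (_pos[tokenId] != 0) revert AlreadyWhitelisted(tokenId);
        _whitelist.push(tokenId);
        _pos[tokenId] = _whitelist.length;
        emit WhitelistedNFTAdded(tokenId);
    }

    /// Swap-and-pop removal: constant gas, no gaps and no stale index entries.
    function removeWhitelistedNFT(uint256 tokenId) external onlyAdmin {
        uint256 pos = _pos[tokenId];
        if (pos == 0) revert NotWhitelisted(tokenId);
        uint256 lastId = _whitelist[_whitelist.length - 1];
        if (lastId != tokenId) {
            _whitelist[pos - 1] = lastId;  // move the last entry into the freed slot
            _pos[lastId] = pos;
        }
        _whitelist.pop();
        delete _pos[tokenId];
        emit WhitelistedNFTRemoved(tokenId);
    }
}
```

Emitting an event on both paths gives monitoring a record of every privilege grant and revocation, so an unexpected addition can be alerted on.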