Open hats-bug-reporter[bot] opened 1 week ago
The reported issue regarding the potential duplication of atom IDs in the creation of triples has been thoroughly reviewed. Here is our detailed perspective:
Intended Functionality: Allowing identical atom IDs in a triple is an intentional feature. Our system is designed to be flexible, letting users decide the composition of their triples based on their needs and the market's dynamics.
Market Dynamics: By not enforcing unique atom IDs within a triple, we empower the market to naturally determine the value and utility of each triple. Users are free to create triples as they see fit, and the ecosystem will self-regulate based on the perceived value of different configurations.
System Integrity: This approach does not introduce any harm or security vulnerabilities. The primary requirement is that triples are composed of valid atoms, and this condition is maintained regardless of whether the atoms are unique within the triple.
Conclusion: While the lack of a uniqueness check for atom IDs within a triple might seem unconventional, it aligns with our system's philosophy of flexibility and market-driven validation. Therefore, we do not consider this a vulnerability but rather a feature that supports user autonomy and market efficiency, and the report is considered invalid.
Github username: @Al-Qa-qa Twitter username: al_qa_qa Submission hash (on-chain): 0x590efc11e1735caefc941a4b813422392ade726f0329ac1117feaa01cc1b8388 Severity: low
Description: Description\ When Creating triples, there is no check if the ATOM IDs differs or not. So a user can only create one atom, and be able to create Trible with only that one ATOM ID.
EthMultiVault.sol#L586-L598C10
As we can see there is no check weather the ATOM IDs is unique or not, which is not a realistic case to create a triple using only one ATOM vault.
Although it is tolerated for
Semantic triple
to duplicate values, in our Code, it is not a good thing to let it occuar as there are Vaults that are created, and other logics that are build in top of this.Recommendations Check that the provided IDs is unique and no one has the same value as the other.