Al-Qa-qa
commented
3 months ago The main issue is that AtomWallets can be deployed using TripleVaults ID's. which should be prevented as AtomWallet Creation only creates AtomWallets using atomURI.
Open hats-bug-reporter[bot] opened 3 months ago
Al-Qa-qa
commented
3 months ago The main issue is that AtomWallets can be deployed using TripleVaults ID's. which should be prevented as AtomWallet Creation only creates AtomWallets using atomURI.
mihailo-maksa
commented
3 months ago Duplicate of issue #32.
Github username: @Al-Qa-qa Twitter username: al_qa_qa Submission hash (on-chain): 0xeb7d1766b9cce7be5d3dd0196cbb78e0ef5987e6add73ef7d19326a02df4b8dd Severity: medium
Description: Description\ When users create Atoms where, each Atom is meant to be a sovereign identity with an associated Eth Address.
When they create atom they use URI, and when deploying Atoms, if the person can prove the ownership of the data, we will be the owner of it.
The problem lies in
deployAtomWallet(), where there is no check if the ID is an Atom Vault or a Triple Vault.We can see in
_createAtom(), we mint some shares to the AtomAddress.But when creating Triples this fees is not taken from the user, and no shares are minted to the Wallet that will target the Triple Vault ID.
Prevent the deployment of the ATOM wallet if the
IDis for a Triple Vault not an Atom Vault.Since the protocol design may choose to support ATOM wallets as Triples, Creation Fees should be taken from them.