Deletion on mapping containing a structure

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xfb22e008c48857e3378ca8fca1bb5f9c81403a6d5496478a95cdfa6577af30c8 Severity: medium

Description: Description\ A deletion in a structure containing a mapping will not delete the mapping (see the Solidity documentation). The remaining data may be used to compromise the contract. Recom Use a lock mechanism instead of a deletion to disable structure containing a mapping.

Attack Scenario\

File: contracts/Most.sol

/// @audit ******************* Issue Detail *******************
Most.receiveRequest(bytes32,uint256,bytes32,uint256,bytes32,uint256) (contracts/Most.sol#201-274) 
deletes Most.Request (contracts/Most.sol#39-42) 
which contains a mapping:
    -delete pendingRequests[requestHash] (contracts/Most.sol#241)

/// @audit ************** Possible Issue Line(s) **************
    L#39-42,  L#241,  

/// @audit ****************** Affected Code *******************
  39:     struct Request {
  40:         uint256 signatureCount;
  41:         mapping(address => bool) signatures;
  42:     }
 241:             delete pendingRequests[requestHash];

Attachments

1. Proof of Concept (PoC) File
2. Steps to produce
   • deploy PoC contract.
   • call addRequest with some uint like 1
   • call getRequestSignatureAdd with same uint to get request.signatures value as true
   • call deleteRequest on uint 1, it will not delete the request.signatures value, confirm it by calling getRequestSignatureAdd again with uint 1

Files:

• PoC - Mapping delete.sol (https://hats-backend-prod.herokuapp.com/v1/files/QmSGz6p8BZBBrJDAkVgrLjjPH7ZfQ8qnkd9xzWR32Fbi6h)

[krzysztofziobro]

duplicate of https://github.com/hats-finance/Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d/issues/37