Open hats-bug-reporter[bot] opened 1 week ago
I think it's already checked for wallets too.

```solidity
// Avoid duplicate wallet
if (listed[org][wallet] != address(0)) {
    revert Errors.UserAlreadyOnList();
}
```
Well, two things!!

`addToList` and `dropToList`

like @0xRizwan mentioned:

```solidity
// Avoid duplicate wallet
if (listed[org][wallet] != address(0)) {
    revert Errors.UserAlreadyOnList();
}
```

So taking all of this into account, this is not an issue!!
Github username: --
Twitter username: --
Submission hash (on-chain): 0x1872d6ef7ff11023e34a4d3463a6b294e1887278f1feb5c6240af1cf7ef4102f
Severity: medium
Description

The protocol uses a `Denyfeature/AllowFeature`. These features are used inside the `Denied` modifier to check if the address is whitelisted/blacklisted:

Furthermore, the `denyFeature/allowFeature` is used for a check inside function `AddToList`:

The problem, however, has to do with the check performed inside `addToList`:

This line of code checks if the `Helpers` (AllowFeature/DenyFeature) are enabled; if not, it will revert. But nowhere inside the function does it check if the wallets of the users are whitelisted or blacklisted if one of the `Helpers` were to be enabled. This means that users that are `blacklisted` can still be added to the List.

Tools used

Manual Review

Recommendation

Make sure to implement the `Denied` modifier inside this function to check for the wallets of the users.
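
A simplified model of the three checks this thread discusses (the helper gate in `addToList`, the duplicate-wallet check quoted in the comments, and a per-wallet `Denied` modifier), added here as an illustration and not taken from the protocol's code. The contract name, the `bool` list mapping, the `HelpersDisabled` and `AddressDenied` errors, `enableDenylist`, `guardedAction`, and the modifier's allow/deny semantics are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical model, not the audited protocol's code. A bool mapping stands in
/// for the thread's listed[org][wallet] address mapping. Access control is omitted.
contract ListModel {
    error HelpersDisabled();   // assumed name
    error UserAlreadyOnList(); // name taken from the quoted snippet
    error AddressDenied();     // assumed name

    mapping(bytes32 => bool) public allowFeature;
    mapping(bytes32 => bool) public denyFeature;
    mapping(bytes32 => mapping(address => bool)) public listed;

    /// Per-wallet check (assumed semantics): allowlist mode rejects unlisted
    /// wallets, denylist mode rejects listed wallets.
    modifier Denied(bytes32 org, address wallet) {
        if (allowFeature[org] && !listed[org][wallet]) revert AddressDenied();
        if (denyFeature[org] && listed[org][wallet]) revert AddressDenied();
        _;
    }

    function enableDenylist(bytes32 org) external {
        denyFeature[org] = true;
        allowFeature[org] = false;
    }

    function addToList(bytes32 org, address[] calldata users) external {
        // Gate: only asks whether a helper is enabled for the org.
        if (!allowFeature[org] && !denyFeature[org]) revert HelpersDisabled();
        for (uint256 i = 0; i < users.length; i++) {
            // Avoid duplicate wallet: a wallet already on the list reverts here.
            if (listed[org][users[i]]) revert UserAlreadyOnList();
            listed[org][users[i]] = true;
        }
    }

    /// Stand-in for any action guarded by the per-wallet modifier.
    function guardedAction(bytes32 org, address wallet)
        external
        view
        Denied(org, wallet)
        returns (bool)
    {
        return true;
    }
}
```

In this model, with the denylist enabled, a second `addToList` call for the same wallet reverts with `UserAlreadyOnList`, and `guardedAction` reverts with `AddressDenied` for that wallet.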