Open hats-bug-reporter[bot] opened 1 week ago
Attack scenario described seems to be correct, i think this should be Medium severity.
@alfredolopez80 @0xRizwan , thanks. i think the issue is in medium severity due to a doc in competition scope.
Agreed, Historically such issues are considered as Medium severity.
Github username: @0xmahdirostami Twitter username: 0xmahdirostami Submission hash (on-chain): 0x3a209da07e47ea408d83f5ada006360c3e100671c7003cd5990f5fd8d705a2bf Severity: medium
Description: Description: The
registerOrg
function in the contract can be exploited by an attacker to perform denial-of-service (DoS) attacks or gas griefing against other users. The function allows for the creation of organizations, but it doesn't adequately handle the scenario where an organization name is already registered. An attacker can front-run a legitimate user's transaction to create an organization with a desired name, causing the legitimate user's transaction to fail. This forces the user to attempt the process again.Impact: Denial of Service (DoS) and Gas Griefing
Scenario:
Proof of Concept (PoC): The
registerOrg
function calls_createOrgOrRoot
, which includes the following logic:Due to the
isOrgRegistered
check, the function reverts if an organization with the same name is already registered.Mitigation: To prevent this attack, include the caller's address in the hash when creating an organization. This ensures that organization names are unique to each user, preventing front-running attacks.
Updated
_createOrgOrRoot
function:By including the
caller
address in the hash, organization names become unique per user, mitigating the risk of front-running and gas griefing attacks.