Open hats-bug-reporter[bot] opened 4 weeks ago
There's going to be only 1 Origins market and it's used by us. We don't need to unregister
it
Hi! We said we were not going to reward lows, but we are going to reward you with 150 USDC as a token of appreciation
Github username: -- Twitter username: -- Submission hash (on-chain): 0x96710a7fc6a2617a260d9aad9e47b9609649937f822155d7674dc669b939732d Severity: medium
Description:
Description
Origins
is registered, Penrose#addOriginsMarket()
does not updateclonesOf
andmasterContractOf
state variable unlike Penrose#addBigBang()
.Origins
is unregistered, Penrose#unregisterContract()
is trying to deleteclonesOf
and does not updateisOriginRegistered
flag.Attack Scenario:
unregisterContract()
to unregisterOrigins
.Attachments
1. Proof of Concept (PoC) File:
test_penrose_unregister_origins()
as follows.test/Penrose.t.sol
and execute with2. Revised Code File (Optional)
Please update Penrose#
unregisterContract()
as follows.Description\ Describe the context and the effect of the vulnerability.
Attack Scenario\ Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
Files: