Open hats-bug-reporter[bot] opened 1 week ago
The whitelist limit is intended to restrict the number of users that can be whitelisted in a single transaction, not the total number of whitelisted users. This prevents denial-of-service (DoS) attacks by ensuring that the operation remains manageable. The protocol configuration allows us to adjust this limit as needed for security and efficiency.
GitHub username: --
Twitter username: --
Submission hash (on-chain): 0x4e6fa7426af42b5516cc916e3b198b23dd7d3a6866e3061e981fd4240af26ab3
Severity: low
Description:
In `UserWhitelistManagement`, the check `whitelistLimit` is not correct, as it's checking the `users` parameter, not the already-whitelisted users. The check should be counting the `whitelistedUsers` which is already true.

Impact:
`whitelistedUsers` can exceed the `whitelistLimit`

Mitigation:
Add a `whitelistedUsers` counter, and compare it with `whitelistLimit`
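
The two readings of `whitelistLimit` in this thread, side by side: a per-transaction batch bound (the reply) and a cap on total `whitelistedUsers` (the report). This is an added sketch, not the project's contract; `whitelistLimit`, `users` and `whitelistedUsers` are names from the issue, every other name is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only; not the audited UserWhitelistManagement code.
/// Names other than whitelistLimit, users and whitelistedUsers are assumed.
contract WhitelistLimitSketch {
    address public immutable admin;
    uint256 public whitelistLimit;   // the disputed limit
    uint256 public whitelistedUsers; // running total proposed in the mitigation
    mapping(address => bool) public isWhitelisted;

    error NotAdmin();
    error BatchTooLarge(uint256 given, uint256 limit);
    error TotalCapExceeded(uint256 wouldBe, uint256 cap);

    constructor(uint256 limit) {
        admin = msg.sender;
        whitelistLimit = limit;
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    /// Per-transaction reading: bounds loop work per call, so the total
    /// can grow past whitelistLimit over several calls.
    function addUsersPerCallLimit(address[] calldata users) external onlyAdmin {
        if (users.length > whitelistLimit) revert BatchTooLarge(users.length, whitelistLimit);
        _add(users);
    }

    /// Total-cap reading: same batch bound, then a check on the running total.
    /// The revert rolls back everything _add wrote in this call.
    function addUsersTotalCap(address[] calldata users) external onlyAdmin {
        if (users.length > whitelistLimit) revert BatchTooLarge(users.length, whitelistLimit);
        _add(users);
        if (whitelistedUsers > whitelistLimit) revert TotalCapExceeded(whitelistedUsers, whitelistLimit);
    }

    /// Counts only addresses not whitelisted before, so duplicates and
    /// re-submissions do not inflate whitelistedUsers.
    function _add(address[] calldata users) private {
        for (uint256 i = 0; i < users.length; ++i) {
            if (isWhitelisted[users[i]]) continue;
            isWhitelisted[users[i]] = true;
            ++whitelistedUsers;
        }
    }
}
```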