registerTemplate() can't handle properly when ITemplate version is 0

Summary

Factory.sol when register one template , and template ' s version is 0, the latestImplementation[templateName] will be address(0) and add other version, "_templateNames" will duplicate

Vulnerability Detail

When version is equal 0 latestImplementation[templateName] don't set

   function _setTemplate(
        string memory templateName,
        uint256 templateVersion,
        address implementationAddress
    ) internal {
...

        if (latestImplementation[templateName] == address(0)) { /****add other version, _templateNames will duplicate ****/
            _templateNames.push(templateName);
        }

        if (templateVersion > latestVersion[templateName]) {
            latestVersion[templateName] = templateVersion;
            latestImplementation[templateName] = implementationAddress; /****templateVersion==0 ,  don't set ****/
        }

    }

Impact

latestImplementation[templateName] and _templateNames will error. external contracts may think there is no setup, resulting in duplicate setups that keep failing

Code Snippet

https://github.com/sherlock-audit/2022-10-nftport/blob/main/evm-minting-master/contracts/Factory.sol#L415

Tool used

Manual Review

Recommendation

    function _setTemplate(
        string memory templateName,
        uint256 templateVersion,
        address implementationAddress
    ) internal {

 -      if (templateVersion > latestVersion[templateName]) {
 +      if (templateVersion > = latestVersion[templateName]) {
            latestVersion[templateName] = templateVersion;
            latestImplementation[templateName] = implementationAddress; 
        }

hyperspacebunny commented 1 year ago

Fixed in https://github.com/nftport/evm-minting-sherlock-fixes/pull/4

rayn731 commented 1 year ago

Fixed, it prevents using version 0, only > 0 is allowed.

sherlock-audit / 2022-10-nftport-judging

bin2chen - registerTemplate() can't handle properly when ITemplate version is 0 #80