Closed sherlock-admin closed 1 year ago
Linking to any hat with an admin (so long as it meets all the other criteria for linking), even if the hat does not yet exist, should be allowed. The main concern is that hat getting overwritten — i.e. as found in #11 and #72 — but if that issue is resolved then linking to non-existent hats should be fine. I am going to tentatively mark this as disputed and recommend that we re-open either #11 or #72.
Closing this issue based on the sponsor comment; it does not identify the issue as #11 & #72.
unforgiven
medium
Hats contract functions don't check that all upper level hats exist and it would be possible to link a hat to non-existing hats
Summary
Functions createHat(), requestLinkTopHatToTree(), approveLinkTopHatToTree() and _linkTopHatToTree() are used to link hats to other hats, but the code doesn't check that all the upper level hats exist, and it's possible to link a hat to other hats whose middle level hats are not created yet. The code should check that for all upper level hats the maxSupply is higher than 0.
Vulnerability Detail
This is createHat() code:
As you can see it calls _checkAdmin() and if it was true it creates a new hat under the admin hat id. This is _checkAdmin() code:
It calls isAdminOfHat() which is:
As you can see, the code doesn't check that the middle level hats exist (maxSupply>0), and if at any level of the upper level hats the user wears a hat then the code would return true. So a malicious admin can perform this:
createHat(XX000000001100)
and create a new hat with ID XX00000000001101.
Other functions requestLinkTopHatToTree(), approveLinkTopHatToTree() and _linkTopHatToTree() have a similar problem: the code allows linking a hat to ID XX000000001100, and even though the middle level hats don't exist, because the topHat XX exists the code would allow it. Linking a hat to non-existing hats can cause issues if those ids are created in the future with unknown parameters.
Impact
It's possible to link hats to trees in which some middle level hats don't exist yet, and it is also possible to create hats for admins where some middle level hats don't exist (it's possible to create a hat with id XX0000000001101 if topHat XX exists). This can cause logical or operational issues for the created hats, and it would also be possible to create the upper level hats later with arbitrary parameters. For example, an external user would think that the whole chain of the upper level hats is immutable, but it would be possible to insert a new upper level hat later that is mutable.
Code Snippet
https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/src/Hats.sol#L831-L883
https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/src/Hats.sol#L761-L773
Tool used
Manual Review
Recommendation
Check that middle level hats exist when creating new hats or linking a hat to another hat.
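The gap described in this report, as an added Python model that is not part of the original issue and is not the Hats Protocol code. It assumes a simplified ID scheme (a hat ID is a tuple of per-level indices); the class, method names and the strict flag are hypothetical.

```python
class HatTree:
    """Toy model: a hat ID is a tuple of per-level indices, (1,) being a top hat."""

    def __init__(self):
        self.hats = {}        # id -> {"max_supply": int, "mutable": bool}
        self.wearers = {}     # id -> set of wearer names
        self.last_child = {}  # admin id -> index of its most recent child

    def exists(self, hat):
        # Existence test named in the finding: maxSupply > 0.
        return self.hats.get(hat, {}).get("max_supply", 0) > 0

    def mint_top_hat(self, domain, wearer):
        self.hats[(domain,)] = {"max_supply": 1, "mutable": False}
        self.wearers[(domain,)] = {wearer}
        return (domain,)

    def is_admin_of_hat(self, user, hat):
        # Behaviour the finding describes: wearing ANY upper-level hat is enough;
        # nothing checks that the levels in between were ever created.
        return any(user in self.wearers.get(hat[:i], ()) for i in range(1, len(hat)))

    def missing_ancestors(self, hat):
        return [hat[:i] for i in range(1, len(hat)) if not self.exists(hat[:i])]

    def create_hat(self, caller, admin, max_supply, mutable, strict=False):
        new_hat = admin + (self.last_child.get(admin, 0) + 1,)
        if not self.is_admin_of_hat(caller, new_hat):
            raise PermissionError("caller is not an admin of the new hat")
        if strict and self.missing_ancestors(new_hat):
            # Recommended fix: every upper-level hat must already exist.
            raise ValueError(f"ancestors not created: {self.missing_ancestors(new_hat)}")
        self.last_child[admin] = new_hat[-1]
        self.hats[new_hat] = {"max_supply": max_supply, "mutable": mutable}
        return new_hat


def demo(strict):
    tree = HatTree()
    top = tree.mint_top_hat(1, "alice")  # constructed sample data
    # Create a hat under (1, 1, 1) although (1, 1) and (1, 1, 1) were never created.
    deep = tree.create_hat("alice", top + (1, 1), 5, False, strict)
    gaps = tree.missing_ancestors(deep)
    # The skipped level (1, 1) is created afterwards, this time as mutable.
    tree.create_hat("alice", top, 1, True, strict)
    return deep, gaps, tree.hats[(1, 1)]["mutable"]
```

With strict=False the deep hat is created over two missing levels and a mutable ancestor is inserted above it afterwards; with strict=True the first create_hat call is rejected.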