Closed (sherlock-admin closed this 1 year ago)
This is not a duplicate of #131, which deals with admin level off-by-1 error. This issue refers to the count of children hats of a given admin.
This issue claims that admin.lastHatId is incremented twice, but that is not actually the case. The incrementation inside of getHatId() is to a local variable, which does not impact the storage value of admin.lastHatId. So I'm marking this one as disputed.
Avci (medium)
There is a WRONG calculation in the lastHatId logic
Summary
There is a WRONG calculation in the lastHatId logic.
Vulnerability Detail
If you look at the Hats.sol#createHat function at line 159, nextHatId is calculated there, and getNextId does the increasing logic, but the same increasing is also done at line 169 of the Hats.sol contract.
Impact
The value of lastHatId will be more than what the protocol expects; unwanted things will happen if this is not fixed, and the value will be doubled.
Code Snippet
https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/src/Hats.sol#L169
Tool used
Manual Review
Recommendation
Consider modifying the code so that it no longer doubles the value.
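The dispute above turns on Solidity storage versus memory semantics: an increment applied to a memory copy of a struct does not touch the storage counter. The following is an added illustration written for this page, not the Hats Protocol source; the struct layout, the id packing scheme and the function names are assumptions chosen to mirror the report's description.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustration only (not Hats.sol): an admin record with a lastHatId
/// counter, a view helper that increments a *memory copy* to compute the
/// next child id, and a create function that increments storage exactly once.
contract LastHatIdDemo {
    struct Hat {
        uint8 lastHatId; // number of children created so far (assumed type)
    }

    mapping(uint256 => Hat) internal _hats;

    /// Computes the id the next child would receive. `admin` is a memory
    /// copy, so the `++` touches only that copy; storage is unchanged when
    /// this call returns, which is why the counter is not double-incremented.
    function getNextId(uint256 adminId) public view returns (uint256) {
        Hat memory admin = _hats[adminId];
        uint8 nextHatId = ++admin.lastHatId;
        return (adminId << 8) | nextHatId; // hypothetical id layout
    }

    /// The only place storage is incremented: once per created hat.
    function createHat(uint256 adminId) external returns (uint256 newHatId) {
        newHatId = getNextId(adminId);   // reads storage, increments a copy
        ++_hats[adminId].lastHatId;      // the single storage increment
    }

    /// Read-back helper for checking the counter after calls.
    function lastHatId(uint256 adminId) external view returns (uint8) {
        return _hats[adminId].lastHatId;
    }
}
```

Calling createHat(1) twice leaves lastHatId(1) at 2, not 4, and calling getNextId(1) on its own leaves it unchanged; swapping `Hat memory` for `Hat storage` in getNextId would be the actual double-increment the report describes.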