A malicious admin can batch create hats and freeze its hat
Summary
In each level, there are only a limited number of hats (16 bits).
If an admin creates all of them as mutable hats in a batch request, the next levels will be frozen.
Vulnerability Detail
A malicious admin can batchCreateHats() all the (immutable)hats at the next levels.
As a result, no one can change them or create a new hat at those levels.
Impact
The admin hat and all the hats under that will be frozen and useless.
Ace-30
medium
A malicious admin can batch create hats and freeze its hat
Summary
In each level, there are only a limited number of hats (16 bits). If an admin creates all of them as mutable hats in a batch request, the next levels will be frozen.
Vulnerability Detail
A malicious admin can
batchCreateHats()
all the (immutable)hats at the next levels. As a result, no one can change them or create a new hat at those levels.Impact
The admin hat and all the hats under that will be frozen and useless.
Code Snippet
https://github.com/more-reese/hats-protocol/blob/2e22c755512eaacb619e38b9e57668529cbb9c34/src/Hats.sol#L143-L167
Tool used
Manual Review
Recommendation
Limit the number of hats that one admin can create