Closed github-actions[bot] closed 1 year ago
Qeew
medium
There seems to be no input validation check for _associatedAddress. This could lead to undesired behavior which can allow anyone use someone's ID to claim
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/OpenQ/Implementations/OpenQV1.sol#L464
Manual Review
There should be a validation check that the associated address indeed belongs to the caller
require(_associatedAddress == msg.sender, "Caller must be the owner of the associated address");
Qeew
medium
No input Validation check for _associatedAddress
Summary
There seems to be no input validation check for _associatedAddress. This could lead to undesired behavior which can allow anyone use someone's ID to claim
Vulnerability Detail
Impact
Code Snippet
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/OpenQ/Implementations/OpenQV1.sol#L464
Tool used
Manual Review
Recommendation
There should be a validation check that the associated address indeed belongs to the caller
require(_associatedAddress == msg.sender, "Caller must be the owner of the associated address");