search

sherlock-audit / 2024-04-titles-judging

9 stars 6 forks source link

Yu3H0 - grantRoles and revokeRoles function in Edition contract doesn't work #215

Closed sherlock-admin4 closed 4 months ago

sherlock-admin4 commented 4 months ago

Yu3H0

high

grantRoles and revokeRoles function in Edition contract doesn't work

Summary

grantRoles and revokeRoles function in Edition contract doesn't work

Vulnerability Detail

in Edition contract, EDITION_MANAGER_ROLE is TitlesCore contract, but TitlesCore will not call these function, which makes grantRoles and revokeRoles function in Edition contract doesn't work. https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L89

    function createEdition(bytes calldata payload_, address referrer_)
        external
        payable
        returns (Edition edition)
    {
        EditionPayload memory payload = abi.decode(payload_.cdDecompress(), (EditionPayload));

        edition = Edition(editionImplementation.clone());

        // wake-disable-next-line reentrancy
        edition.initialize(
            feeManager, graph, payload.work.creator.target, address(this), payload.metadata
        );

    function initialize(
        FeeManager feeManager_,
        TitlesGraph graph_,
        address owner_,
        address controller_,
        Metadata calldata metadata_
    ) external initializer {
        _initializeOwner(owner_);
        FEE_MANAGER = feeManager_;
        GRAPH = graph_;

        _grantRoles(controller_, EDITION_MANAGER_ROLE);
        _grantRoles(owner_, EDITION_PUBLISHER_ROLE);

        _metadata[0] = metadata_;
    }
    function grantRoles(address user_, uint256 roles_)
        public
        payable
        override
        onlyRoles(EDITION_MANAGER_ROLE)
    {
        _grantRoles(user_, roles_);
    }

    /// @inheritdoc OwnableRoles
    function revokeRoles(address user_, uint256 roles_)
        public
        payable
        override
        onlyRoles(EDITION_MANAGER_ROLE)
    {
        _removeRoles(user_, roles_);
    }

Impact

DoS

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L89 https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L423

Tool used

Manual Review

Recommendation

set proper admin

ccashwell commented 4 months ago

This is expected, the EDITION_MANAGER_ROLE holder (TitlesCore) will be upgraded at a later point to leverage this functionality for a planned feature. In any case, it's not a vulnerability.