TitlesGraph.sol::acknowledgeEdge and TitlesGraph.sol::unacknowledgeEdge don't update the edge.acknowledged storage correctly
Summary
As @pqseags pointed out in the discord channel, the acknowledgeEdge system is meant to endorse others creators work:
"
User1 trains an AI model (offchain) on a collection that they published (collectionA, modelA)
User2 uses modelA to create a new work of media (workB)
User2 publishes workB in a new Edition collection (collectionB / EditionB)
Because workB uses modelA to sample collectionA, a new reference is created in the TitlesGraph from workB to collectionA.
Because workB uses modelA to sample collectionA and user1 created collectionA, user1 is added as an attribution address
When collectors mint workB, proceeds are split between user2and user1.
Since user1 is the creator of referenced collectionA, if they like workB and want to endorse it, they can choose to acknowledge the reference."
Vulnerability Detail
Although the TitlesGraph.sol::_setAcknowledged is getting the TitlesGraph.sol::edges from storage correctly, the initiated edge = edges[edgeId_] variable is on the memory as shows the return declaration Edge memory edge. So, the update lasts until the end of the function and is not reflected in the storage as expected.
Impact
TitlesGraph.sol::_setAcknowledged emits an event transmitting wrong information for whatever system is listening to it.
The edges mapping will never reflect the correct status of acknowledgment, breaking the functionality completely, and making all the functions that try to update this particular variable useless.
i3arba
high
TitlesGraph.sol::acknowledgeEdgeandTitlesGraph.sol::unacknowledgeEdgedon't update theedge.acknowledgedstorage correctlySummary
As @pqseags pointed out in the discord channel, the acknowledgeEdge system is meant to endorse others creators work: "
Vulnerability Detail
Although the
TitlesGraph.sol::_setAcknowledgedis getting theTitlesGraph.sol::edgesfrom storage correctly, the initiatededge = edges[edgeId_]variable is on thememoryas shows the return declarationEdge memory edge. So, the update lasts until the end of the function and is not reflected in the storage as expected.Impact
TitlesGraph.sol::_setAcknowledgedemits an event transmitting wrong information for whatever system is listening to it.edgesmapping will never reflect the correct status of acknowledgment, breaking the functionality completely, and making all the functions that try to update this particular variable useless.Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L200-L213
Tool used
Manual Review
Recommendation
Code Adjustment
```diff function _setAcknowledged(bytes32 edgeId_, bytes calldata data_, bool acknowledged_) internal returns (Edge memory edge) { if (!_edgeIds.contains(edgeId_)) revert NotFound(); - edge = edges[edgeId_]; - edge.acknowledged = acknowledged_; + edges[edgeId_] = acknowledged_; + edge = edges[edgeId_]; if (acknowledged_) { emit EdgeAcknowledged(edge, msg.sender, data_); } else { emit EdgeUnacknowledged(edge, msg.sender, data_); } } ```Duplicate of #212