search

sherlock-audit / 2024-04-titles-judging

10 stars 7 forks source link

alexzoid - Edge Acknowledgment Status Not Persisted in Storage #354

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 5 months ago

alexzoid

medium

Edge Acknowledgment Status Not Persisted in Storage

Summary

The _setAcknowledged function does not correctly update the persistent storage for edge acknowledgment statuses in the TitlesGraph contract.

Vulnerability Detail

The function intended to update the acknowledgment status of an edge fails to write these changes back to the contract’s storage, affecting the integrity of graph data management.

Impact

This is a medium severity issue because it causes the acknowledgment status of edges to not reflect actual updates, potentially leading to incorrect data usage and impacting system integrity.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L195-L213

function _setAcknowledged(bytes32 edgeId_, bytes calldata data_, bool acknowledged_)
    internal
    returns (Edge memory edge)
{
    if (!_edgeIds.contains(edgeId_)) revert NotFound();
    edge = edges[edgeId_];
    edge.acknowledged = acknowledged_;

    if (acknowledged_) {
        emit EdgeAcknowledged(edge, msg.sender, data_);
    } else {
        emit EdgeUnacknowledged(edge, msg.sender, data_);
    }
}

Tool used

Manual Review

Recommendation

Ensure the acknowledgment changes are stored by updating the edges mapping at the end of _setAcknowledged function:

edges[edgeId_].acknowledged = acknowledged_;
edge = edges[edgeId_];

Duplicate of #212