search

sherlock-audit / 2024-04-titles-judging

1 stars 1 forks source link

den_sosnovskyi - `TitlesGraph::_setAcknowledged` does not change the edge's acknowledged #407

Closed sherlock-admin4 closed 2 months ago

sherlock-admin4 commented 2 months ago

den_sosnovskyi

medium

TitlesGraph::_setAcknowledged does not change the edge's acknowledged

Summary

TitlesGraph::_setAcknowledged function does not modify acknowledged edge property in the storage

Vulnerability Detail

TitlesGraph::_setAcknowledged function change the edge's property only inside memory, not storage. So mapping(bytes32 id => Edge edge) public edges; is not updated. Only memory return from function is updated. It means after calling TitlesGraph::_setAcknowledged, no information is updated

Impact

TitlesGraph::_setAcknowledged does not updated the edge

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L200

    function _setAcknowledged(bytes32 edgeId_, bytes calldata data_, bool acknowledged_)
        internal
        returns (Edge memory edge)
    {
        if (!_edgeIds.contains(edgeId_)) revert NotFound();
        edge = edges[edgeId_];
        edge.acknowledged = acknowledged_;

        if (acknowledged_) {
            emit EdgeAcknowledged(edge, msg.sender, data_);
        } else {
            emit EdgeUnacknowledged(edge, msg.sender, data_);
        }
    }

Tool used

Manual Review

Recommendation

    function _setAcknowledged(bytes32 edgeId_, bytes calldata data_, bool acknowledged_)
        internal
-        returns (Edge memory edge)
+        returns (Edge storage edge)

Duplicate of #212