fandonov - In `Registry.sol` in the `register` function the first user can't be registered.

[sherlock-admin3]

fandonov

medium

In Registry.sol in the register function the first user can't be registered.

Summary

The admin won't be able to register the first user in the register function.

Vulnerability Detail

This is the register function:

function register(address addressRegistered, bytes4[] calldata interfaceIds)
        public
        onlyRole(ADMIN_ROLE)
    {
        for (uint256 i = interfaceIds.length; i != 0; ) {
            interfaces[addressRegistered][interfaceIds[i - 1]] = true;
            unchecked {
                --i;
            }
        }

        emit Register(addressRegistered, interfaceIds, msg.sender);
    }

When the time comes for the admin to register the first user he won't be able to because of this line of code in the register function:

for (uint256 i = interfaceIds.length; i != 0; )

This line sets the value of i as the interfaceIds.length but when the admin tries to register the first user the length of the bytes4[] interfaceIds array will be 0 because there are no users registered, and the i != 0 check will revert. This will make the register function always revert because there will be no way for the admin to register the first user.

Impact

The register function won't work because the first user can't be registered.

Code Snippet

https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/utilities/Registry.sol#L33-L45

Tool used

Manual Review

Recommendation

Just put a check to see if the user was previously registered or not, and if he was not registered previously set interfaces[addressRegistered][interfaceIds] to true if he was registered prior to this just revert.

[sherlock-admin4]

1 comment(s) were left on this issue during the judging contest.

_karanel commented:

incorrect