In Registry.sol in the register function the first user can't be registered.
Summary
The admin won't be able to register the first user in the register function.
Vulnerability Detail
This is the register function:
function register(address addressRegistered, bytes4[] calldata interfaceIds)
public
onlyRole(ADMIN_ROLE)
{
for (uint256 i = interfaceIds.length; i != 0; ) {
interfaces[addressRegistered][interfaceIds[i - 1]] = true;
unchecked {
--i;
}
}
emit Register(addressRegistered, interfaceIds, msg.sender);
}
When the time comes for the admin to register the first user he won't be able to because of this line of code in the register function:
for (uint256 i = interfaceIds.length; i != 0; )
This line sets the value of i as the interfaceIds.length but when the admin tries to register the first user the length of the bytes4[] interfaceIds array will be 0 because there are no users registered, and the i != 0 check will revert. This will make the register function always revert because there will be no way for the admin to register the first user.
Impact
The register function won't work because the first user can't be registered.
Just put a check to see if the user was previously registered or not, and if he was not registered previously set interfaces[addressRegistered][interfaceIds] to true if he was registered prior to this just revert.
fandonov
medium
In
Registry.sol
in theregister
function the first user can't be registered.Summary
The admin won't be able to register the first user in the
register
function.Vulnerability Detail
This is the
register
function:When the time comes for the admin to register the first user he won't be able to because of this line of code in the
register
function:This line sets the value of
i
as theinterfaceIds.length
but when the admin tries to register the first user the length of thebytes4[] interfaceIds
array will be 0 because there are no users registered, and thei != 0
check will revert. This will make theregister
function always revert because there will be no way for the admin to register the first user.Impact
The
register
function won't work because the first user can't be registered.Code Snippet
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/utilities/Registry.sol#L33-L45
Tool used
Manual Review
Recommendation
Just put a check to see if the user was previously registered or not, and if he was not registered previously set
interfaces[addressRegistered][interfaceIds]
to true if he was registered prior to this just revert.