search

sherlock-audit / 2024-10-ethos-network-judging

0 stars 0 forks source link

pkqs90 - EthosVote does not implement `targetExistsAndAllowedForId()` function #207

Open sherlock-admin4 opened 2 weeks ago

sherlock-admin4 commented 2 weeks ago

pkqs90

Medium

EthosVote does not implement targetExistsAndAllowedForId() function

Summary

All Ethos contracts but EthosVote implement the targetExistsAndAllowedForId() function. This function is used to check if an id exists for a contract. Specifically, if this is not implemented, users cannot add a reply, or vote for an EthosVote entity.

Root Cause

In EthosDiscussion#addReply and EthosVote#voteFor functions, the ITargetStatus(targetContract).targetExistsAndAllowedForId(targetId) is always checked. Since EthosVote doesn't implement this, this means users can't add a reply or vote for an EthosVote entity.

https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosDiscussion.sol#L300

  function addReply(
    address targetContract,
    uint256 targetId,
    string memory content,
    string memory metadata
  ) external onlyNonZeroAddress(targetContract) whenNotPaused {
    uint256 authorID = IEthosProfile(
      contractAddressManager.getContractAddressForName(ETHOS_PROFILE)
    ).verifiedProfileIdForAddress(msg.sender);

    bool isTargetThisContract = _isAddressThisContract(targetContract);

    if (isTargetThisContract) {
      if (replies[targetId].createdAt == 0) {
        revert TargetNotFound(targetContract, targetId);
      }
    } else {
      _checkIfTargetExistsAndAllowed(targetContract, targetId);
    }
    ...
  }

  function _checkIfTargetExistsAndAllowed(address targetContract, uint256 targetId) private view {
@>  (bool exists, ) = ITargetStatus(targetContract).targetExistsAndAllowedForId(targetId);

    if (!exists) {
      revert TargetNotFound(targetContract, targetId);
    }
  }

https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosVote.sol#L142

  function voteFor(
    address targetContract,
    uint256 targetId,
    bool isUpvote
  ) external whenNotPaused isValidTarget(targetContract) {
@>  (bool exists, ) = ITargetStatus(targetContract).targetExistsAndAllowedForId(targetId);

    if (!exists) {
      revert TargetNotFound(targetContract, targetId);
    }

    uint256 voter = IEthosProfile(contractAddressManager.getContractAddressForName(ETHOS_PROFILE))
      .verifiedProfileIdForAddress(msg.sender);

    if (hasVotedFor(voter, targetContract, targetId)) {
      _modifyVote(targetContract, targetId, voter, isUpvote);
    } else {
      _recordVote(voter, targetContract, targetId, isUpvote);
    }
  }

Internal pre-conditions

N/A

External pre-conditions

N/A

Attack Path

N/A

Impact

Users can't add a reply or vote for an EthosVote entity.

PoC

N/A

Mitigation

Implement the targetExistsAndAllowedForId() function for EthosVote.