0xlookman: Using own but unregistered attestation users can review their own profiles.
Summary
By waiting to claim their attestations, users can first review their own profiles before claiming these attestation.
Root Cause
In ethosReview.sol, profiles are not supposed to review their own profiles, but before claiming the attestation, a user can first provide a review to his own profileId since a mock id will be created for that review and anytime he can claim his attestation hash and it will be assigned to him.
Internal pre-conditions
Attestation not yet claimed by the user or registered in the attestation contract.
External pre-conditions
No response
Attack Path
Profile user creates a review using attestation details instead of subject address.
The attestation details get a mock id and provide review to the profile.
User goes to attestation contract and claims the attestation details changing the attestation id to his own.
Impact
Reviews are to show credibility of profiles in the protocol and users can manipulate this to review themselves.
0xlookman
Medium
0xlookman: Using own but unregistered attestation users can review their own profiles.
Summary
By waiting to claim their attestations, users can first review their own profiles before claiming these attestation.
Root Cause
In
ethosReview.sol, profiles are not supposed to review their own profiles, but before claiming the attestation, a user can first provide a review to his own profileId since a mock id will be created for that review and anytime he can claim his attestation hash and it will be assigned to him.Internal pre-conditions
Attestation not yet claimed by the user or registered in the attestation contract.
External pre-conditions
No response
Attack Path
Impact
Reviews are to show credibility of profiles in the protocol and users can manipulate this to review themselves.
PoC
Mitigation
When claiming attestations, the protocol should first see it was not used before to review this same profile as a mock