Anyone with a profile will have unlimited number of invites and can swing votes in their favor
Summary
The uninviteUser function does not check whether an address has already registered a profile before uninviting the user . When called, it adds back the invite you had used up even though the address is already registered.
Root Cause
The function lacks a check to see if the user has already registered a profile before uninviting them.
EthosProfileUninviteFunction
Internal Pre-Conditions
An address needs to be invited then registered first then the invitee can uninvite that address and gain back their invite.
Impact
User can have an unlimited number of profiles that can swing votes in their favor
Mitigation
function uninviteUser(address user) external {
require(profileIdByAddress[user] == 0, "User already registered");
// Continue to uninvite the user and reclaim the invite
}
thornton98
Invalid
Anyone with a profile will have unlimited number of invites and can swing votes in their favor
Summary
The uninviteUser function does not check whether an address has already registered a profile before uninviting the user . When called, it adds back the invite you had used up even though the address is already registered.
Root Cause
The function lacks a check to see if the user has already registered a profile before uninviting them. EthosProfileUninviteFunction
Internal Pre-Conditions
An address needs to be invited then registered first then the invitee can uninvite that address and gain back their invite.
Impact
User can have an unlimited number of profiles that can swing votes in their favor
Mitigation