Argument `uint256 profileId` of EthosAttestation.sol:createAttestation() is useless

Summary

EthosAttestation.sol:createAttestation() accepts the argument profileId but the profile owner is the only one who can send Attestations, therefore profileId can always be inferred from msg.sender

Root Cause

No response

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Could potentially lead to create attestations for other profiles

PoC

apply the following patch:

diff --git a/ethos/packages/contracts/contracts/EthosAttestation.sol b/ethos/packages/contracts/contracts/EthosAttestation.sol
index 592b32e..452b1ab 100644
--- a/ethos/packages/contracts/contracts/EthosAttestation.sol
+++ b/ethos/packages/contracts/contracts/EthosAttestation.sol
@@ -175,19 +175,20 @@ contract EthosAttestation is IEthosAttestation, AccessControl, UUPSUpgradeable {

   /**
    * @notice Creates attestation.
-   * @param profileId Profile id. Use max uint for non-existing profile.
    * @param randValue Random value.
    * @param attestationDetails Attestation details.
    * @param evidence Evidence of attestation.
    * @param signature Signature of the attestation.
    */
   function createAttestation(
-    uint256 profileId,
     uint256 randValue,
     AttestationDetails calldata attestationDetails,
     string calldata evidence,
     bytes calldata signature
   ) external whenNotPaused {
+    address ethosProfile = _getEthosProfile();
+    uint256 profileId = IEthosProfile(ethosProfile).verifiedProfileIdForAddress(msg.sender);
+
     validateAndSaveSignature(
       _keccakForCreateAttestation(
         profileId,
@@ -216,8 +217,6 @@ contract EthosAttestation is IEthosAttestation, AccessControl, UUPSUpgradeable {

     _attestationShouldNotExist(hashStr);

-    address ethosProfile = _getEthosProfile();
-
     // ensure specified profile is active
     (bool profileExists, ) = ITargetStatus(ethosProfile).targetExistsAndAllowedForId(profileId);
     if (!profileExists) {
diff --git a/ethos/packages/contracts/contracts/interfaces/IEthosAttestation.sol b/ethos/packages/contracts/contracts/interfaces/IEthosAttestation.sol
index 677b264..01aada3 100644
--- a/ethos/packages/contracts/contracts/interfaces/IEthosAttestation.sol
+++ b/ethos/packages/contracts/contracts/interfaces/IEthosAttestation.sol
@@ -17,7 +17,6 @@ interface IEthosAttestation {
   }

   function createAttestation(
-    uint256 profileId,
     uint256 randValue,
     AttestationDetails calldata attestationDetails,
     string calldata evidence,
diff --git a/ethos/packages/contracts/test/EthosAttestation.test.ts b/ethos/packages/contracts/test/EthosAttestation.test.ts
index 54f49af..824b9b4 100644
--- a/ethos/packages/contracts/test/EthosAttestation.test.ts
+++ b/ethos/packages/contracts/test/EthosAttestation.test.ts
@@ -222,7 +222,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          String(await ethosProfile.profileIdByAddress(OTHER_0.address)),
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -384,7 +383,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             randValue,
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -430,7 +428,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          String(await ethosProfile.profileIdByAddress(OTHER_0.address)),
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -442,7 +439,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(OTHER_1)
           .createAttestation(
-            String(await ethosProfile.profileIdByAddress(OTHER_0.address)),
             randValue,
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -455,7 +451,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(OTHER_1)
           .createAttestation(
-            String(await ethosProfile.profileIdByAddress(OTHER_1.address)),
             randValue,
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -498,7 +493,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            '123',
             randValue,
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -511,7 +505,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             '1234',
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -524,7 +517,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             randValue,
             { account: 'ACCOUNT_NAME_BEN_NOT', service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -537,7 +529,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             randValue,
             { account: ACCOUNT_NAME_BEN, service: 'SERVICE_X_NOT' },
             ATTESTATION_EVIDENCE_0,
@@ -550,7 +541,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             randValue,
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             'ATTESTATION_EVIDENCE_0_NOT',
@@ -589,7 +579,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             randValue,
             { account: '', service: '' },
             ATTESTATION_EVIDENCE_0,
@@ -634,7 +623,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -679,7 +667,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           '1234',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -705,7 +692,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(OTHER_0)
           .createAttestation(
-            creator0profileId,
             '5678',
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -756,7 +742,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -804,7 +789,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -853,7 +837,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             randValue,
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -897,7 +880,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             randValue,
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -920,7 +902,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(PROFILE_CREATOR_0)
           .createAttestation(
-            creator0profileId,
             randValue,
             { account: ACCOUNT_NAME_IVAN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -966,7 +947,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1021,7 +1001,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1048,7 +1027,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_1)
         .createAttestation(
-          creator1profileId,
           randValue,
           { account: ACCOUNT_NAME_IVAN, service: SERVICE_FB },
           ATTESTATION_EVIDENCE_1,
@@ -1108,7 +1086,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1158,7 +1135,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1208,7 +1184,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1260,7 +1235,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1310,7 +1284,6 @@ describe('EthosAttestation', () => {
         ethosAttestation
           .connect(OTHER_0)
           .createAttestation(
-            noProfileId,
             randValue,
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             ATTESTATION_EVIDENCE_0,
@@ -1354,7 +1327,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1412,7 +1384,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue0,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1447,7 +1418,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_1)
         .createAttestation(
-          creator1profileId,
           randValue1,
           { account: ACCOUNT_NAME_IVAN, service: SERVICE_FB },
           ATTESTATION_EVIDENCE_1,
@@ -1506,7 +1476,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(PROFILE_CREATOR_0)
         .createAttestation(
-          creator0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1554,7 +1523,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1629,7 +1597,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1757,7 +1724,6 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           randValue0,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1796,7 +1762,7 @@ describe('EthosAttestation', () => {
       await ethosAttestation
         .connect(OTHER_1)
         .createAttestation(
-          other1profileId,
+          othe1profileId,
           randValue1,
           { account: ACCOUNT_NAME_IVAN, service: SERVICE_FB },
           ATTESTATION_EVIDENCE_1,
diff --git a/ethos/packages/contracts/test/EthosReview.test.ts b/ethos/packages/contracts/test/EthosReview.test.ts
index 7aaa90f..c6111e9 100644
--- a/ethos/packages/contracts/test/EthosReview.test.ts
+++ b/ethos/packages/contracts/test/EthosReview.test.ts
@@ -1387,7 +1387,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           randValue,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -1443,7 +1442,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -1597,7 +1595,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -1695,7 +1692,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -1793,7 +1789,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -1891,7 +1886,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -1988,7 +1982,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -2101,7 +2094,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -2214,7 +2206,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -2326,7 +2317,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -2446,7 +2436,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -2699,7 +2688,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -2753,7 +2741,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843267',
           { account: ACCOUNT_NAME_IVAN, service: SERVICE_FB },
           'test',
@@ -3016,7 +3003,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -3063,7 +3049,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_IVAN, service: SERVICE_FB },
           'test',
@@ -3343,7 +3328,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -3640,7 +3624,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -5928,7 +5911,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -6029,7 +6011,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -6140,7 +6121,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -6242,7 +6222,6 @@ describe('EthosReview', () => {
       await ethosAttestation
         .connect(OTHER_0)
         .createAttestation(
-          other0profileId,
           '120843257',
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           'test',
@@ -6784,7 +6763,6 @@ describe('EthosReview', () => {
         await ethosAttestation
           .connect(OTHER_0)
           .createAttestation(
-            other0profileId,
             '120843257',
             { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
             'test',
@@ -6881,7 +6859,6 @@ describe('EthosReview', () => {
         await ethosAttestation
           .connect(OTHER_0)
           .createAttestation(
-            other0profileId,
             '120843257',
             { account: ACCOUNT_NAME_IVAN, service: SERVICE_FB },
             'test',
diff --git a/ethos/packages/contracts/test/attestations/attestation.claim.test.ts b/ethos/packages/contracts/test/attestations/attestation.claim.test.ts
index a0d4882..7ab1f25 100644
--- a/ethos/packages/contracts/test/attestations/attestation.claim.test.ts
+++ b/ethos/packages/contracts/test/attestations/attestation.claim.test.ts
@@ -63,7 +63,6 @@ describe('EthosAttestation Claim Attestation', () => {
     await ethosAttestation
       .connect(userA.signer)
       .createAttestation(
-        profileId,
         randomValueA,
         { account, service },
         ATTESTATION_EVIDENCE_0,
@@ -104,7 +103,6 @@ describe('EthosAttestation Claim Attestation', () => {
       ethosAttestation
         .connect(userA.signer)
         .createAttestation(
-          String(userA.profileId),
           randomValueB,
           { account: ACCOUNT_NAME, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -131,7 +129,6 @@ describe('EthosAttestation Claim Attestation', () => {
       ethosAttestation
         .connect(RANDOM_ACC)
         .createAttestation(
-          nonExistingProfileId,
           randomValueB,
           { account: ACCOUNT_NAME, service: SERVICE_X },
           ATTESTATION_EVIDENCE_1,
@@ -156,7 +153,6 @@ describe('EthosAttestation Claim Attestation', () => {
       ethosAttestation
         .connect(userB.signer)
         .createAttestation(
-          String(userC.profileId),
           randomValueB,
           { account: ACCOUNT_NAME, service: SERVICE_X },
           ATTESTATION_EVIDENCE_1,
@@ -199,7 +195,6 @@ describe('EthosAttestation Claim Attestation', () => {
       ethosAttestation
         .connect(userB.signer)
         .createAttestation(
-          String(userB.profileId),
           randomValueB,
           { account: ACCOUNT_NAME, service: SERVICE_X },
           ATTESTATION_EVIDENCE_1,
@@ -283,7 +278,6 @@ describe('EthosAttestation Claim Attestation', () => {
       ethosAttestation
         .connect(userB.signer)
         .createAttestation(
-          String(userB.profileId),
           randomValueB,
           { account: ACCOUNT_NAME, service: SERVICE_X },
           ATTESTATION_EVIDENCE_1,
@@ -369,7 +363,6 @@ describe('EthosAttestation Claim Attestation', () => {
       ethosAttestation
         .connect(userB.signer)
         .createAttestation(
-          String(userB.profileId),
           randomValueB,
           { account: ACCOUNT_NAME, service: SERVICE_X },
           ATTESTATION_EVIDENCE_1,
diff --git a/ethos/packages/contracts/test/attestations/attestation.create.test.ts b/ethos/packages/contracts/test/attestations/attestation.create.test.ts
index 5c0409f..2d2426d 100644
--- a/ethos/packages/contracts/test/attestations/attestation.create.test.ts
+++ b/ethos/packages/contracts/test/attestations/attestation.create.test.ts
@@ -38,7 +38,6 @@ describe('EthosAttestation Create Attestation', () => {
     await ethosAttestation
       .connect(userA.signer)
       .createAttestation(
-        2,
         3592832,
         { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
         ATTESTATION_EVIDENCE_0,
@@ -58,7 +57,6 @@ describe('EthosAttestation Create Attestation', () => {
     await ethosAttestation
       .connect(userA.signer)
       .createAttestation(
-        2,
         3592833,
         { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
         ATTESTATION_EVIDENCE_0,
@@ -98,7 +96,6 @@ describe('EthosAttestation Create Attestation', () => {
       ethosAttestation
         .connect(userA.signer)
         .createAttestation(
-          3,
           3592832,
           { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
           ATTESTATION_EVIDENCE_0,
@@ -125,7 +122,6 @@ describe('EthosAttestation Create Attestation', () => {
     await ethosAttestation
       .connect(userA.signer)
       .createAttestation(
-        2,
         3592832,
         { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
         ATTESTATION_EVIDENCE_0,
@@ -164,7 +160,6 @@ describe('EthosAttestation Create Attestation', () => {
     await ethosAttestation
       .connect(userA.signer)
       .createAttestation(
-        2,
         3592832,
         { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
         ATTESTATION_EVIDENCE_0,
@@ -208,7 +203,6 @@ describe('EthosAttestation Create Attestation', () => {
     await ethosAttestation
       .connect(userA.signer)
       .createAttestation(
-        2,
         3592832,
         { account: ACCOUNT_NAME_BEN, service: SERVICE_X },
         ATTESTATION_EVIDENCE_0,
diff --git a/ethos/packages/contracts/test/review/review.byAttestation.test.ts b/ethos/packages/contracts/test/review/review.byAttestation.test.ts
index 9f0aaac..2dbed6c 100644
--- a/ethos/packages/contracts/test/review/review.byAttestation.test.ts
+++ b/ethos/packages/contracts/test/review/review.byAttestation.test.ts
@@ -165,7 +165,6 @@ describe('EthosReview by Attestation', () => {
     await ethosAttestation
       .connect(userB.signer)
       .createAttestation(
-        userB.profileId,
         '0',
         attestationDetails,
         DEFAULT.ATTESTATION_EVIDENCE_0,

Mitigation

profileId can be removed from function's arguments and retrieved from EthosProfile:

function createAttestation(...) {
    uint256 profileId = IEthosProfile(_getEthosProfile()).verifiedProfileIdForAddress(msg.sender);
    ...
}

Note that applying the patch some tests breaks but because those tests are not relevant

sherlock-audit / 2024-10-ethos-network-judging

Acrobatic Burlap Lizard - Argument `uint256 profileId ` of EthosAttestation.sol:createAttestation() is useless #324

Argument `uint256 profileId` of EthosAttestation.sol:createAttestation() is useless

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

sherlock-audit / 2024-10-ethos-network-judging

Acrobatic Burlap Lizard - Argument `uint256 profileId ` of EthosAttestation.sol:createAttestation() is useless #324

Argument uint256 profileId of EthosAttestation.sol:createAttestation() is useless

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Argument `uint256 profileId` of EthosAttestation.sol:createAttestation() is useless