sherlock-audit / 2024-10-ethos-network-judging


Scrawny Neon Python - `_doesReplyExist` Should call at first on `editReply` function of `EthosDiscussion` #337

Closed sherlock-admin4 closed 2 weeks ago

sherlock-admin4 commented 2 weeks ago

Scrawny Neon Python

Low/Info

_doesReplyExist Should call at first on editReply function of EthosDiscussion

Summary

_doesReplyExist is called by the editReply function of EthosDiscussion after finding the authorID. But it should be called early.

Impact

If the reply does not exist then this call will revert. It means getting authorID early will get nothing.

PoC

https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosDiscussion.sol#L153C12-L153C21

function editReply(
    uint256 replyId,
    string memory content,
    string memory metadata
) external whenNotPaused {
    uint256 authorID = IEthosProfile(
        contractAddressManager.getContractAddressForName(ETHOS_PROFILE)
    ).verifiedProfileIdForAddress(msg.sender);

@-> _doesReplyExist(replyId);
    if (replies[replyId].authorProfileId != authorID) {
        revert OnlyAuthorCanEdit();
    }
    replies[replyId].content = content;
    replies[replyId].metadata = metadata;
    replies[replyId].edits++;

    emit ReplyEdited(authorID, replyId);
}

Mitigation

Optimize the function by calling _doesReplyExist first.

  function editReply(
    uint256 replyId,
    string memory content,
    string memory metadata
  ) external whenNotPaused {
+   _doesReplyExist(replyId);

    uint256 authorID = IEthosProfile(
      contractAddressManager.getContractAddressForName(ETHOS_PROFILE)
    ).verifiedProfileIdForAddress(msg.sender);

-   _doesReplyExist(replyId);
    if (replies[replyId].authorProfileId != authorID) {
      revert OnlyAuthorCanEdit();
    }
    replies[replyId].content = content;
    replies[replyId].metadata = metadata;
    replies[replyId].edits++;

    emit ReplyEdited(authorID, replyId);
  }
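
Review bot: the added `_doesReplyExist(replyId);` at the top of `editReply` changes revert precedence, not only gas use. For a missing reply the existence revert now fires before the `verifiedProfileIdForAddress(msg.sender)` lookup runs, so if that lookup can itself revert, any test that asserts which error a caller sees for a nonexistent `replyId` may need updating. Consider a one-line comment above the call stating that the local existence check deliberately precedes the external profile lookup, so a later refactor does not move it back. The `authorProfileId` comparison and the writes to `replies[replyId]` are untouched, so the success path behaves as before.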