Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

smbv-1923 - EthosProfile which contains multiple address cannot work with archiveReview() and restoreReview()` #314

Open
sherlock-admin4 opened this issue Nov 4, 2024 · 0 comments
Open

smbv-1923 - EthosProfile which contains multiple address cannot work with archiveReview() and restoreReview()` #314

sherlock-admin4 opened this issue Nov 4, 2024 · 0 comments

Comments

@sherlock-admin4
Copy link

sherlock-admin4 commented Nov 4, 2024
edited
Loading

smbv-1923

Medium

EthosProfile which contains multiple address cannot work with archiveReview() and restoreReview()`

Summary

EthosProfile which contains multiple address cannot work with archiveReview() and restoreReview()`

Root Cause

https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosReview.sol#L300
https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosReview.sol#L321

Internal pre-conditions

  • There should be a EthosProfile which contains multiple address in that profile.

External pre-conditions

No response

Attack Path

  • Let's understand using an example.
  • Let's suppose there is a Ethos Profile which contains 3 addresses AddrA, AddrB, AddrC.
  • Lets suppose AddrC added review earlier using addReview() where author is set as msg.sender
reviews[reviewCount] = Review({
      archived: false,
      score: score,
      authorProfileId: authorProfileId,
      author: msg.sender,
      subject: subject,
      reviewId: reviewCount,
      // solhint-disable-next-line not-rely-on-time
      createdAt: block.timestamp,
      comment: comment,
      metadata: metadata,
      attestationDetails: attestationDetails
    });
  • Now AddrC get's compromised and is not part of that Ethos Profile.
  • Now other Ethos Profile address can't archiveReview() and restoreReview()` because of the below check
if (review.author != msg.sender) {
      revert UnauthorizedArchiving(reviewId);
    }
  • In case of account compromises, a profile can unregister an account and mark it as compromised.
  • In this case other ethosProfile addresses can't archive and restore the review.
  • This is clearly not a design choice as this case is handled properly in another function editReview()
if (review.authorProfileId != authorProfileId) {
      revert UnauthorizedEdit(reviewId);
    }

Impact

  • Other addresses of EthosProfile will not not be able to restore and archive reviews due to msg.sender check.

PoC

No response

Mitigation

  • Add a similar check which is their inside editReview()
if (review.authorProfileId != authorProfileId) {
      revert UnauthorizedEdit(reviewId);
    }
@sherlock-admin4 sherlock-admin4 changed the title Electric Satin Koala - EthosProfile which contains multiple address cannot work with archiveReview() and restoreReview()` smbv-1923 - EthosProfile which contains multiple address cannot work with archiveReview() and restoreReview()` Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin4