Colossal Chiffon Urchin
Medium
increaseVouch allows to increase power of archived account.
According to docs in code
- Author cannot vouch for an archived profile
inside vouchByProfileId
there is a check that subject's profile is not archived, but there is none in increaseVouch, which allows to first create vouch-> archive account->increase account's power in archived state, which violates invariant in the beginning of contract
function vouchByProfileId(
uint256 subjectProfileId,
string calldata comment,
string calldata metadata
) public payable whenNotPaused nonReentrant {
...
(bool verified, bool archived, bool mock) = IEthosProfile(
contractAddressManager.getContractAddressForName(ETHOS_PROFILE)
).profileStatusById(subjectProfileId);
// you may not vouch for archived profiles
// however, you may vouch for verified AND mock profiles
// we allow vouching for mock profiles in case they are later verified
if (archived || (!mock && !verified)) {
revert InvalidEthosProfileForVouch(subjectProfileId);
}
...
}
No response
No response
No response
Archived account's power can be increased which breaks protocol's invariant
No response
Send it to the subject reward escrow like its done with dust at the end of the function
function increaseVouch(uint256 vouchId) public payable nonReentrant {
// vouch increases much also meet the minimum vouch amount
if (msg.value < configuredMinimumVouchAmount) {
revert MinimumVouchAmount(configuredMinimumVouchAmount);
}
+ (bool verified, bool archived, bool mock) = IEthosProfile(
+ contractAddressManager.getContractAddressForName(ETHOS_PROFILE)
+ ).profileStatusById(vouches[vouchId].subjectProfileId);
+
+ // you may not vouch for archived profiles
+ // however, you may vouch for verified AND mock profiles
+ // we allow vouching for mock profiles in case they are later verified
+ if (archived || (!mock && !verified)) {
+ revert InvalidEthosProfileForVouch(vouches[vouchId].subjectProfileId);
+ }
// get the profile id of the author
uint256 profileId = IEthosProfile(
contractAddressManager.getContractAddressForName(ETHOS_PROFILE)
).verifiedProfileIdForAddress(msg.sender);
_vouchShouldBelongToAuthor(vouchId, profileId);
// make sure this vouch is active; not unvouched
_vouchShouldBePossibleUnvouch(vouchId);
uint256 subjectProfileId = vouches[vouchId].subjectProfileId;
(uint256 toDeposit, ) = applyFees(msg.value, true, subjectProfileId);
vouches[vouchId].balance += toDeposit;
emit VouchIncreased(vouchId, profileId, subjectProfileId, msg.value);
}