Bald Lace Cyborg - wrong logic is implemented in createMarketWithConfig(), which could revert the function #710
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Bald Lace Cyborg
Medium
wrong logic is implemented in createMarketWithConfig(), which could revert the function
Summary
whenever enforceCreationAllowList is true and creationAllowedProfileIds is allowed , then also it will result in reverting of the function
Root Cause
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/EthosVouch.sol#L667C1-L685C4
/**
*/
function setAllowListEnforcement(bool value) public onlyAdmin whenNotPaused {
enforceCreationAllowList = value;
}
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
lets consider a scenario when enforce is set to true and user is allowed,
which means createMarket config should succeed and fucntion should go further. But here actually, when it is true it will revert.
so it will prove the comment wrong
Impact
improper functioning of create market, and not working as intended and mentioned in comments
PoC
No response
Mitigation
logic in if function should be changed for enforceAllow
The text was updated successfully, but these errors were encountered: