Mysterious Plum Griffin
Medium
The EthosProfile::registerAddress function, designed to allow users to register a new address to a profile they are associated with, lacks a crucial verification step. It does not verify that the caller (msg.sender) is actually associated with the profileId to which they are attempting to register an address. As a result, any user can register an address under a profile they do not belong to, potentially leading to unauthorized associations and impersonation risks.
The function lacks a check that msg.sender belongs to the profileId they are registering an address for. Without this check, any user can arbitrarily add addresses to profiles they do not control.
- A user has an existing profile with a valid profileId.
- The EthosProfile::registerAddress function should check that the caller (msg.sender) owns or is linked to the profile before allowing a new address to be registered.
- Any address associated with a valid profile can call EthosProfile::registerAddress, passing any profileId without needing to belong to that profile.
- The system does not enforce ownership of profileId by msg.sender, allowing unauthorized users to add addresses to arbitrary profiles.
- A user calls EthosProfile::registerAddress with the profileId of a profile they do not own.
- The user successfully registers an address to the victim’s profile, potentially misleading others into believing that the address is associated with the victim’s profile.
- This could lead to impersonation, account misrepresentation, and potential compromise of the profile’s reputation.
This vulnerability enables unauthorized users to register arbitrary addresses to any profile, compromising the integrity of profile ownership and security. It opens the door to impersonation and the unauthorized association of accounts with profiles.
Add a check to verify that msg.sender is associated with the profileId they’re trying to register an address for. This can be achieved by calling a function that confirms msg.sender’s association with the profile before allowing them to add a new address.
bool senderBelongsToProfile = IEthosProfile(_getEthosProfile()).addressBelongsToProfile(
  msg.sender,
  profileId
);
if (!senderBelongsToProfile) {
  revert UnauthorizedAddressRegistration(msg.sender, profileId);
}
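To make the missing check concrete, the following is an added, self-contained Solidity sketch written for this report; it is not the Ethos code base. The registry, its storage layout (a profileId-to-address membership mapping), the createProfile helper and the registerAddressUnchecked name are assumptions; only addressBelongsToProfile and UnauthorizedAddressRegistration come from the mitigation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal stand-in for a profile registry (assumed layout, not Ethos's contract).
contract ProfileRegistryExample {
    error UnauthorizedAddressRegistration(address caller, uint256 profileId);
    error AddressAlreadyRegistered(address addr);

    // profileId => address => whether that address is linked to the profile
    mapping(uint256 => mapping(address => bool)) private _belongsTo;
    // address => profileId it is linked to (0 means unlinked)
    mapping(address => uint256) public profileIdOf;
    uint256 private _nextProfileId = 1;

    // The creator becomes the first address linked to the new profile.
    function createProfile() external returns (uint256 profileId) {
        if (profileIdOf[msg.sender] != 0) revert AddressAlreadyRegistered(msg.sender);
        profileId = _nextProfileId++;
        _link(profileId, msg.sender);
    }

    // Membership query used by the hardened path.
    function addressBelongsToProfile(address addr, uint256 profileId) public view returns (bool) {
        return _belongsTo[profileId][addr];
    }

    // Vulnerable shape described in the finding: the caller's relation to
    // profileId is never checked, so any caller can attach an address to any profile.
    function registerAddressUnchecked(address addr, uint256 profileId) external {
        _link(profileId, addr);
    }

    // Hardened shape: the caller must already be linked to the target profile.
    function registerAddress(address addr, uint256 profileId) external {
        if (!addressBelongsToProfile(msg.sender, profileId)) {
            revert UnauthorizedAddressRegistration(msg.sender, profileId);
        }
        _link(profileId, addr);
    }

    // Shared write path; also refuses to re-link an address already on a profile.
    function _link(uint256 profileId, address addr) private {
        if (profileIdOf[addr] != 0) revert AddressAlreadyRegistered(addr);
        profileIdOf[addr] = profileId;
        _belongsTo[profileId][addr] = true;
    }
}
```

A unit test for the fix should call registerAddress from an address that is not linked to the target profileId and expect the UnauthorizedAddressRegistration revert, then repeat the call from a linked address and expect success.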