PNS - Re-registering an address does not remove it from the compromised list

[sherlock-admin2]

PNS

Medium

Re-registering an address does not remove it from the compromised list

Summary

The mechanism for removing connected addresses and adding them to the compromised list is to protect the profile from actions of this address on behalf of the profile. Additionally, if the user changes their mind, they can "restore" such an address to favor,
However, this does not remove it from the compromised list, but only from the deleted list, and thus such a list will continue to limit their actions in the system.

Root Cause

You can re-add a compromised address, but it is not removed from this list, only added to the profile's address list.

File: ethos/packages/contracts/contracts/EthosProfile.sol
  373:   function registerAddress(
  374:     address addressStr,
  375:     uint256 profileId,
  376:     uint256 randValue,
  377:     bytes calldata signature
  378:   ) external whenNotPaused onlyNonZeroAddress(addressStr) {


  386:     // you may restore your own previously deleted address,
  387:     // but you cannot register an address that has been deleted by another user
  388:     if (profileIdByAddress[addressStr] != profileId && isAddressCompromised[addressStr]) { //audit
  389:       revert AddressCompromised(addressStr);
  390:     }

  403:     profiles[profileId].addresses.push(addressStr); //audit: dodaje ten sam adres, który usunąłem i checkMaxAddresses() liczy go podwujnie bo jest i w usunietych i w aktywnych i zmniejsza nieslusznie limit userowi
  404:     profileIdByAddress[addressStr] = profileId;

  409:   }

EthosProfile.registerAddress

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Even though the address has been restored, it is still on the compromised list, which means that its access will continue to be limited.

PoC

No response

Mitigation

The address should be removed from the list of compromised addresses.