Skip to content

Latest commit

 

History

History
57 lines (33 loc) · 1.65 KB

064.md

File metadata and controls

57 lines (33 loc) · 1.65 KB
Raw

Smooth Opal Millipede

Medium

In EthosVouch, vouch may trigger a revert in case of vouch -> unvouch -> vouch process .

Summary

In EthosVouch.vouchExistsFor(), to determine whether vouch exists, the following conditions need to be met: https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/EthosVouch.sol#L803-L811

The problem lies in the third condition:

    v.activityCheckpoints.unvouchedAt == 0;

When a vouch is unvouched, its activityCheckpoints.unvouchedAt will be assigned a value: https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/EthosVouch.sol#L465

Which will cause the following situation where the transaction will revert:

1, Alice vouch Bob. 2, Alice unvouch Bob. 3, Alice vouch Bob again, it will cause a revert.

The reason for this is that vouchByProfileId() will call _vouchShouldNotExistFor(), and _vouchShouldNotExistFor() will in turn call vouchExistsFor(). Due to the previous unvouch operation, v.activityCheckpoints.unvouchedAt is not empty, thus triggering a revert. https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/EthosVouch.sol#L369 https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/EthosVouch.sol#L844-L848

Root Cause

No response

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

In the scenario described above, the vouch operation will trigger a revert.

PoC

No response

Mitigation

No response