The require condition is not correct in function removeOperator in NestedFactory.sol #89
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
duplicate
This issue or pull request already exists
Comments
code423n4
added
2 (Med Risk)
|
Duplicated : #58 |
|
Using #220 |
alcueca
added
1 (Low Risk)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
fatima_naz
Vulnerability details
Impact
in function removeOperator in NestedFactory.sol
function removeOperator(bytes32 operator) external override onlyOwner {
uint256 i = 0;
while (operators[i] != operator) {
i++;
}
require(i > 0, "NestedFactory::removeOperator: Cant remove non-existent operator");
delete operators[i];
}
In the require condition i>0 but if the first element of operators i.e. operators[0] is equal to the operator the while loop will break just then. so i is 0 but require condition checks for i>0 so it will show that "NestedFactory::removeOperator: Cant remove non-existent operator" but actually the operator exist and it needs to be removed.
Proof of Concept
Tools Used
Recommended Mitigation Steps
change the condition in require as i>=0
The text was updated successfully, but these errors were encountered: