Winning Strawberry Salmon
Medium
Removed addresses have excessive permissions; they can continue to operate on profile information, delete inviters, and close/reopen profiles.
The archiveProfile(), restoreProfile(), and uninviteUser() functions lack the checkIfCompromised(address) modifier.
https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosProfile.sol#L258 https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosProfile.sol#L330 https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosProfile.sol#L349
No response
There are removed accounts present in the Profile.
Removed addresses can affect the profile status by calling archiveProfile(), restoreProfile(), and uninviteUser() functions
Removed addresses can affect the profile status by calling archiveProfile(), restoreProfile(), and uninviteUser() functions
No response
add the checkIfCompromised(invitee) modifier to the archiveProfile(), restoreProfile(), and uninviteUser() functions