Quiet Cyan Hyena
Medium
A user can register multiple addresses to his profile. If the address has already been reviewed, it is tied to a mock profile id. Therefore, the registration of the address will be reverted.
When an address is reviewed, it is tied to a mock profile id in the following EthosProfile.incrementProfileCount() function.
function incrementProfileCount(
bool isAttestation,
address subject,
bytes32 attestation
) external whenNotPaused returns (uint256 profileId) {
...SKIP...
profileId = profileCount;
if (isAttestation) {
profileIdByAttestation[attestation] = profileId;
} else {
305: profileIdByAddress[subject] = profileId;
}
...SKIP...
}Next, EthosProfile.registerAddress() function is the following.
function registerAddress(
address addressStr,
uint256 profileId,
uint256 randValue,
bytes calldata signature
) external whenNotPaused onlyNonZeroAddress(addressStr) {
...SKIP...
(bool addressAlreadyRegistered, , , uint256 registeredProfileId) = profileStatusByAddress(
addressStr
);
394:if (addressAlreadyRegistered && registeredProfileId != profileId) {
revert ProfileExistsForAddress(addressStr);
}
...SKIP...As can be seen, if addressStr has already been reviewed, since addressAlreadyRegistered = true and registeredProfileId != profileId in L394, it will be reverted.
- A user has two addresses.
- One of the user's address is already reviewed by reviewer.
No response
- A user has two address: 'addr1
andaddr2`. addr2has already been reviewed and is tied to a mock profile id.- The user create profile with
addr1. - The user call
registerAddressto registeraddr2to his own profile. - The function call is reverted with
ProfileExistsForAddresserror inL395.
Breaks core contract functionality because users can't register multiple addresses to his profile.
No response
If an address to register is tied to a mock profile, allow the address to be registered.