Beautiful Iron Tadpole

High

Compromised addresses should be prevented from interacting with any functions that are available to addresses that have no compromised flag on them.

Summary

Functions such as addReview() do not check whether the calling address is compromised. This makes the flag useless to some extent; such calls should have been prevented.

Root Cause

Functions such as addReview() lack a check for whether an address is compromised, which makes the flag useless to some extent.

The flag should clearly prevent such interactions, but the only interactions it prevents are inviteAddress() and re-registering.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Compromised addresses can call the same functions as normal addresses, which makes the flag practically useless.

PoC

No response

Mitigation

Add checks in functions that should clearly not be called by compromised addresses.
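
One way to apply this mitigation is a shared modifier, so that every gated function enforces the flag the same way. This is an added example, not the audited project's code: the contract name, storage layout, error names, register(), markCompromised() and the addReview() signature are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal registry: names, storage layout and signatures are
// assumptions for illustration, not the audited contract's code.
contract ReviewRegistry {
    struct Profile {
        bool registered;
        bool compromised;
    }

    mapping(address => Profile) private profiles;
    mapping(address => string[]) private reviewsOf;

    error NotRegistered(address account);
    error AddressCompromised(address account);

    // Single gate reused by every function a flagged address must not reach.
    modifier onlyActive() {
        Profile storage p = profiles[msg.sender];
        if (!p.registered) revert NotRegistered(msg.sender);
        if (p.compromised) revert AddressCompromised(msg.sender);
        _;
    }

    function register() external {
        Profile storage p = profiles[msg.sender];
        // Re-registering stays blocked and must never clear the flag.
        if (p.compromised) revert AddressCompromised(msg.sender);
        p.registered = true;
    }

    // Assumption: the owner flags its own address; the real contract may differ.
    function markCompromised() external {
        profiles[msg.sender].compromised = true;
    }

    // The finding: this kind of function had no flag check. The modifier adds it.
    function addReview(address subject, string calldata text) external onlyActive {
        reviewsOf[subject].push(text);
    }

    function reviewCount(address subject) external view returns (uint256) {
        return reviewsOf[subject].length;
    }
}
```

After markCompromised() is called, a subsequent addReview() from the same address reverts with AddressCompromised, and any newly added state-changing function gets the same protection by carrying the modifier.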