[WP-M1] Inappropriate handling of referralFee makes collecting Mirror fails without error when referrerProfileId is burned
#67
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/code-423n4/2022-02-aave-lens/blob/c1d2de2b0609b7d2734ada2ce45c91a73cc54dd9/contracts/core/modules/collect/FeeCollectModule.sol#L163-L172
Vulnerability details
In the current implementation, even when the profile's owner has burned the ProfileNFT, the publications can still be collected, as the profile's legacy.

However, if the publication is a Mirror and there is a referralFee set by the original publication, the user won't be able to collect from a Mirror that was published by a burned profile.

https://github.com/code-423n4/2022-02-aave-lens/blob/c1d2de2b0609b7d2734ada2ce45c91a73cc54dd9/contracts/core/modules/collect/FeeCollectModule.sol#L163-L172

In _processCollectWithReferral(), if there is a referralFee, the contract reads referralRecipient from IERC721(HUB).ownerOf(referrerProfileId). If referrerProfileId is burned, IERC721(HUB).ownerOf(referrerProfileId) will revert with ERC721: owner query for nonexistent token.

However, since we wish to allow the content to be collected, we should just treat referrals as non-existent in this situation.
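The failure described above, next to the behaviour the report asks for, as an added example that is not part of the original report or the Lens code base. IERC721Owner, MockHub, ReferralSplit and BPS_MAX are hypothetical names, and amount is assumed to be what remains after any treasury fee.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example: hypothetical names throughout, not Lens Protocol code.
interface IERC721Owner {
    function ownerOf(uint256 tokenId) external view returns (address);
}

// Stand-in for the hub: ownerOf reverts for a burned (nonexistent) profile
// with the message quoted in the report.
contract MockHub is IERC721Owner {
    mapping(uint256 => address) private _owners;
    function mint(address to, uint256 id) external { _owners[id] = to; }
    function burn(uint256 id) external { delete _owners[id]; }
    function ownerOf(uint256 id) external view override returns (address owner) {
        owner = _owners[id];
        require(owner != address(0), "ERC721: owner query for nonexistent token");
    }
}

contract ReferralSplit {
    uint16 internal constant BPS_MAX = 10000; // assumed basis-point denominator
    address public immutable HUB;
    constructor(address hub) { HUB = hub; }

    // Unguarded lookup: reverts whenever referrerProfileId is burned,
    // so the whole collect fails even though no referral can be paid.
    function splitUnguarded(uint256 referrerProfileId, uint256 amount, uint16 referralFee)
        external view returns (address recipient, uint256 referralAmount, uint256 remainder)
    {
        referralAmount = (amount * referralFee) / BPS_MAX;
        recipient = IERC721Owner(HUB).ownerOf(referrerProfileId);
        remainder = amount - referralAmount;
    }

    // Guarded lookup: a burned referrer is treated as "no referral",
    // so nothing is deducted and the collect can proceed.
    function splitGuarded(uint256 referrerProfileId, uint256 amount, uint16 referralFee)
        external view returns (address recipient, uint256 referralAmount, uint256 remainder)
    {
        remainder = amount;
        if (referralFee == 0) return (address(0), 0, amount);
        try IERC721Owner(HUB).ownerOf(referrerProfileId) returns (address owner) {
            recipient = owner;
            referralAmount = (amount * referralFee) / BPS_MAX;
            remainder = amount - referralAmount;
        } catch {} // burned referrer: keep recipient = 0, referralAmount = 0
    }
}
```

A bare catch also hides any other failure of the hub call, so callers should only transfer a referral when the returned recipient is non-zero.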
Recommendation
Change to: