Sparkly Seaweed Wolf
Medium
Profile's max addresses cannot work as expected if we repeat register, unregister one address in one profile
In EthosProfile::registerAddress, we miss updating profiles[profileId].removedAddresses. This will cause maxNumberOfAddresses limitation cannot work well.
In EthosProfile:373, users can register one address into one active profile. There are two basic scenario for registerAddress():
- Register one fresh address into one profile
- Register one deleted address back to our profile.
Use case: user can register, unregister and register again the same address.The problem is that when we try to register one deleted address back to our profile, we miss delete this address fromprofiles[profileId].removedAddresses. This will cause this registered address will be inprofiles[profileId].addressesandprofiles[profileId].removedAddressesat the same time. This will cause the number of this profile's addresses cannot reachmaxNumberOfAddresses.
function registerAddress(
address addressStr,
uint256 profileId,
uint256 randValue,
bytes calldata signature
) external whenNotPaused onlyNonZeroAddress(addressStr) {
...
profiles[profileId].addresses.push(addressStr);
profileIdByAddress[addressStr] = profileId;
checkMaxAddresses(profileId);
}
function checkMaxAddresses(uint256 profileId) internal view {
uint256 sum = profiles[profileId].addresses.length;
sum += profiles[profileId].removedAddresses.length;
if (sum > maxNumberOfAddresses) {
revert MaxAddressesReached(profileId);
}
}- One address is deleted and re-registered by the profile owner.
N/A
- One address is deleted and re-registered into the profile.
- When the user wants to register his last address in
maxNumberOfAddresses, the register will be reverted.
Users' maximum address may be lower than maxNumberOfAddresses. This is unexpected behaviour, and break the design intent.
N/A
When we register one address, if this address exists in the profiles[profileId].removedAddresses list, we should remove this address from the profiles[profileId].removedAddresses.