Removing attester inside RegistryFactory.sol won't work for duplicate addresses
Summary
Calling the removeAttester() function inside of RegistryFactory.sol won't remove duplicate attesters.
Vulnerability Details
Since addAttester() does not have a mechanism to check if the address already exists and the only way to remove an attester is from removeAttester() removing them one by one will cost more resources than if you could remove them all at once.
Impact
You won't be able to remove duplicate attesters and you will need to make several transactions costing you more money.
Tools Used
Manual Review
Recommendations
Looping backwards because that way the array won't get re-indexed and we won't skip an attester.
Lead Judging Commences
finding-ERC7848-add-duplicate-attester
Invalid, - Addition of attesters are admin only functionalities so if duplicate addresses are added it would consitute admin input/call validation. - ERC-7484 is in draft mode so we should not take it as the final EIP configuration yet. - Even if a mistake was made, removals can be performed by invoking `removeAttester` multiple times by the owner to completely remove a duplicate user. - In the [documentation](https://github.com/bcnmy/nexus/wiki#problems-nexus-solves), it is not noted that Nexus suite will be ERC7484 compliant.
Appeal created
finding-ERC7484-sorted-duplicate-attestor-issue
Invalid, similar issue to #151 and duplicates - Addition of attesters are admin only functionalities so if duplicate addresses are added it would consitute admin input/call validation. - ERC-7484 is in draft mode so we should not take it as the final EIP configuration yet. - In the [documentation](https://github.com/bcnmy/nexus/wiki#problems-nexus-solves), it is not noted that Nexus suite will be ERC7484 compliant.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.