attesters are not checked to be creator of attestation whenever added
Description
Whenever an attester is added, function addAttester is called:
Inside here the owner is able to add attesters.
As per EIP 7484:
Note that this does not happen whenever adding an attester. The attester is specified and simply pushed onto the list without checking if the attester is the creator of an attestation.
Ultimately a core functionality of EIP 7484 is broken.
Recommendation
Make sure to implement some sort of logic that checks the attester to be the creator of an attestation before adding it.
Lead Judging Commences
finding-ERC7484-invalid-attestation-verification
Invalid, - Addition of attesters are admin only functionalities so if duplicate addresses are added it would consitute admin input/call validation. - EIP-7484 is in draft mode so we should not take it as the final EIP configuration yet.
Appeal created
finding-ERC7484-invalid-attestation-verification
Invalid, - Addition of attesters are admin only functionalities so if duplicate addresses are added it would consitute admin input/call validation. - EIP-7484 is in draft mode so we should not take it as the final EIP configuration yet.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.