Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Redundant Membership Implementation Update in updateMembershipImplementation Function

krisp

Summary

The updateMembershipImplementation function allows an administrator to set a new implementation contract address. However, it does not verify if newImplementation differs from the current membershipImplementation. This could lead to unnecessary updates without changing the membershipImplementation address.

Vulnerability Details

The updateMembershipImplementation function currently only checks that the newImplementation address is not the zero address. It does not ensure that newImplementation is different from the existing membershipImplementation address. This could allow redundant updates that don’t alter the state, wasting gas and creating unnecessary entries in the contract's history.

Impact

This vulnerability is rated as Low. While it does not present a critical security issue, it could lead to gas inefficiencies and clutter the transaction history with redundant updates that do not change the implementation address.

Tools Used

None

Recommendations

Add a check to confirm that newImplementation is different from the current membershipImplementation. The function can be updated as follows:

function updateMembershipImplementation(address newImplementation) external onlyRole(DEFAULT_ADMIN_ROLE) {
require(newImplementation != address(0), "Invalid address");
require(newImplementation != membershipImplementation, "Address already set");
membershipImplementation = newImplementation;
}

This adjustment will prevent unnecessary updates and ensure that membershipImplementation is only changed when a new address is provided.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.