DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

Lack of contract-level KYC allows attackers to impersonate others, create multiple accounts, join from another address if blocked

Summary

Lack of contract-level KYC allows attackers to impersonate others, create multiple accounts, join from another address if blocked

Vulnerability Details

Lack of contract-level KYC allows attackers to impersonate others, create multiple accounts, join from another address if blocked. It should be enforced in the contract in the mintProfile(...) function in order to make sure that for each user, there is only one address and one image.

Impact

Malicious users can perform the following actions:

  1. impersonate others

  2. create multiple accounts

  3. join from another address if blocked

Tools Used

Manual Review

Recommendations

Implement a contract-level KYC and NFT verification.

Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
