Missing init check may update operator earlier than desired #48
Labels
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
duplicate
This issue or pull request already exists
G (Gas Optimization)
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L82
Vulnerability details
Impact
The updateOperator function should only be allowed to be called after init function otherwise operator would get updated from Aura.sol contract deployer before original operator could provide initial mint using init function
Proof of Concept
Recommended Mitigation Steps
Add a check in updateOperator function to confirm this
The text was updated successfully, but these errors were encountered: