Skip to content

Commit

Permalink
Merge pull request #595 from daostack/ucontroller_fix
Browse files Browse the repository at this point in the history 
fix uController newOrganization vulnerability
  • Loading branch information
@leviadam
leviadam authored Feb 7, 2019
2 parents 14acc6f + 7752c22 commit e08efd4
Showing 1 changed file with 9 additions and 7 deletions.
16 changes: 9 additions & 7 deletions contracts/controller/UController.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,15 +93,17 @@ contract UController is ControllerInterface {
{
require(!organizations[address(_avatar)].exist);
require(_avatar.owner() == address(this));
DAOToken nativeToken = _avatar.nativeToken();
Reputation nativeReputation = _avatar.nativeReputation();
//To guaranty uniqueness for the reputation systems.
require(!reputations[address(_avatar.nativeReputation())]);
//To guaranty uniqueness for the reputation systems.
require(!tokens[address(_avatar.nativeToken())]);
require(!reputations[address(nativeReputation)]);
//To guaranty uniqueness for the nativeToken.
require(!tokens[address(nativeToken)]);
organizations[address(_avatar)].exist = true;
organizations[address(_avatar)].nativeToken = _avatar.nativeToken();
organizations[address(_avatar)].nativeReputation = _avatar.nativeReputation();
reputations[address(_avatar.nativeReputation())] = true;
tokens[address(_avatar.nativeToken())] = true;
organizations[address(_avatar)].nativeToken = nativeToken;
organizations[address(_avatar)].nativeReputation = nativeReputation;
reputations[address(nativeReputation)] = true;
tokens[address(nativeToken)] = true;
organizations[address(_avatar)].schemes[msg.sender] =
Scheme({paramsHash: bytes32(0), permissions: bytes4(0x0000001f)});
emit RegisterScheme(msg.sender, msg.sender, address(_avatar));
Expand Down

0 comments on commit e08efd4

Please sign in to comment.