NFC-01M: Potentially Dangerous Function Input

Description:

The `_contractAddress` input variable of `fulfill` remains undocumented, which makes it difficult to validate what level of input sanitization should be applied to it.

Example:

```solidity
/**
 * @notice fulfill NFT Access condition
 * @dev only DID owner or DID provider can call this
 * method. Fulfill method sets the permissions
 * for the granted consumer's address to true then
 * fulfill the condition
 * @param _agreementId agreement identifier
 * @param _documentId refers to the DID in which secret store will issue the decryption keys
 * @param _grantee is the address of the granted user or the DID provider
 * @return condition state (Fulfilled/Aborted)
 */
function fulfill(
    bytes32 _agreementId,
    bytes32 _documentId,
    address _grantee,
    address _contractAddress
)
```

Recommendation:

We advise documenting it in the comments that precede the function and, if the value is crucial, preventing users from setting it arbitrarily, as the `fulfill` function with 4 arguments is available as `public` and can set an arbitrary contract address in place of the DID registry.
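
One way to act on the recommendation, as an added sketch that is not the audited project's code: `_contractAddress` is documented and checked against an allowlist before its answer is trusted. `IRegistrySketch`, `isOwnerOrProvider`, `AccessConditionSketch`, `admin`, `trustedRegistry`, `setTrustedRegistry` and `granted` are hypothetical names; only the `fulfill` parameters come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Hypothetical stand-in for the registry's ownership query (not the project's interface).
interface IRegistrySketch {
    function isOwnerOrProvider(bytes32 did, address who) external view returns (bool);
}

contract AccessConditionSketch {
    address public immutable admin;
    // Registry contracts that may be passed as _contractAddress.
    mapping(address => bool) public trustedRegistry;
    // agreementId => documentId => grantee => access flag
    mapping(bytes32 => mapping(bytes32 => mapping(address => bool))) public granted;

    event RegistryTrustChanged(address indexed registry, bool trusted);

    constructor() { admin = msg.sender; }

    function setTrustedRegistry(address _registry, bool _trusted) external {
        require(msg.sender == admin, "not admin");
        // Only deployed contracts can be trusted; this also rejects address(0).
        require(!_trusted || _registry.code.length > 0, "not a contract");
        trustedRegistry[_registry] = _trusted;
        emit RegistryTrustChanged(_registry, _trusted);
    }

    /**
     * @param _agreementId agreement identifier
     * @param _documentId DID the access permission applies to
     * @param _grantee address that receives access
     * @param _contractAddress registry asked whether the caller owns or provides
     *        the DID; must be allowlisted, otherwise a caller-supplied contract
     *        could answer "yes" for any DID
     */
    function fulfill(
        bytes32 _agreementId,
        bytes32 _documentId,
        address _grantee,
        address _contractAddress
    ) public returns (bool) {
        require(trustedRegistry[_contractAddress], "untrusted registry");
        require(
            IRegistrySketch(_contractAddress).isOwnerOrProvider(_documentId, msg.sender),
            "caller is not DID owner or provider"
        );
        granted[_agreementId][_documentId][_grantee] = true;
        return true;
    }
}
```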