@liobrasil
Contributor

Summary

  • Adds _cleanupExistingGrant function that deletes old capability controllers before issuing new ones
  • Calls cleanup in grantBeta() before creating a new capability

This prevents storage bloat and maintains an accurate audit trail when grantBeta() is called for an address that already has beta access.

Quantstamp Audit Finding

FLOW-5: GrantBeta Overwrites Existing Capability without Cleanup (Low)

When grantBeta() is called for an address that already has beta access, the function was creating a new capability and overwriting the entry in issuedCapIDs without deleting the old capability controller.

Test plan

  • Verify that calling grantBeta() twice for the same address properly cleans up the old capability
  • Verify that BetaRevoked event is emitted when cleaning up old capability

Closes #136

🤖 Generated with Claude Code

Add _cleanupExistingGrant function that deletes the old capability
controller before issuing a new one. This prevents storage bloat
and maintains an accurate audit trail when grantBeta() is called
for an address that already has beta access.

Addresses Quantstamp audit finding FLOW-5.

Co-Authored-By: Claude Opus 4.5 <[email protected]>
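To make the cleanup-before-reissue pattern concrete, here is an added Cadence sketch that is not the project's own contract: the BetaPass resource, its storage path, the event parameters and the `access(account)` modifiers are all assumptions; only the function and event names come from the PR.

```cadence
// Illustrative sketch, not the project's code. Resource, path and event
// signatures are assumed; function and event names follow the PR text.
access(all) contract BetaAccess {

    access(all) event BetaGranted(address: Address, capabilityID: UInt64)
    access(all) event BetaRevoked(address: Address, capabilityID: UInt64)

    /// Marker resource that issued beta capabilities target (assumed).
    access(all) resource BetaPass {}

    /// address -> id of the capability currently issued to that address
    access(self) var issuedCapIDs: {Address: UInt64}

    /// Delete the controller of any capability previously issued to `address`.
    /// Without this, overwriting issuedCapIDs[address] would leave the old
    /// controller (and a still-valid capability) orphaned in account storage.
    access(self) fun _cleanupExistingGrant(address: Address) {
        if let oldID = self.issuedCapIDs[address] {
            if let controller = self.account.capabilities.storage.getController(byCapabilityID: oldID) {
                // Deleting the controller invalidates every copy of the old capability.
                controller.delete()
            }
            self.issuedCapIDs.remove(key: address)
            emit BetaRevoked(address: address, capabilityID: oldID)
        }
    }

    access(account) fun grantBeta(address: Address): Capability<&BetaPass> {
        // Clean up first so exactly one live controller exists per address.
        self._cleanupExistingGrant(address: address)
        let cap = self.account.capabilities.storage.issue<&BetaPass>(/storage/betaPass)
        self.issuedCapIDs[address] = cap.id
        emit BetaGranted(address: address, capabilityID: cap.id)
        return cap
    }

    /// Mirrors the behaviour described in the review: revoking an address
    /// that holds no grant fails the precondition instead of silently succeeding.
    access(account) fun revokeByAddress(address: Address) {
        pre {
            self.issuedCapIDs[address] != nil: "address has no beta access"
        }
        self._cleanupExistingGrant(address: address)
    }

    init() {
        self.issuedCapIDs = {}
        self.account.storage.save(<- create BetaPass(), to: /storage/betaPass)
    }
}
```

Calling grantBeta() twice for one address in this sketch emits BetaRevoked for the first capability id and BetaGranted for the second, which is the observable behaviour the PR's test plan checks for.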

@holyfuchs holyfuchs left a comment

There is a logic inconsistency between the grant and revoke functions in the contract:

  • revokeByAddress(): Panics if called on an address that is already revoked.
  • grantBeta(): Succeeds if called on an address that is already granted.

Calling grantBeta() multiple times on the same address causes the contract to emit BetaRevoked and BetaGranted events unnecessarily. This might lead to bugs in services listening to those events.

Although not recommended in the report, I would consider making grantBeta() panic if the address is already granted.

@liobrasil liobrasil changed the title from "Fix: FLOW-5 - Clean up existing capability before granting new beta access" to "FLOW-5 - Clean up existing capability before granting new beta access" on Jan 15, 2026

Development

Successfully merging this pull request may close these issues.

FLOW-5 Grantbeta Overwrites Existing Capability without Cleanup