The checkAnInvariant function contains an invariant that everMatched must always be false. However, an attacker can call etch with an arbitrary address, compute the corresponding bytes32 hash, then call lookup with the hash and the same address. This sets everMatched to true, violating the invariant. When checkAnInvariant is called, the assertion fails, causing a panic and transaction revert. This indicates a critical flaw in the contract's logic, allowing attackers to trigger unexpected reverts or exploit logical inconsistencies.
Re-evaluate the contract's design to ensure the invariant !everMatched is correctly enforced. If everMatched should never be true, modify the lookup function to prevent state changes under unintended conditions. Alternatively, remove the assertion if the invariant is not essential to the contract's operation.
Line 35 – 40