Open hats-bug-reporter[bot] opened 3 days ago
Github username: -- Twitter username: -- Submission hash (on-chain): 0xf98ccef9fe87ce0039b45e0f99fc036ca44aec603eb8b9c098d35e788625192f Severity: medium
Description: Description\ The registerGroup function reverts when called with empty _name or empty _symbol.
This is due to the below checks in the internal _registerGroup function:
https://github.com/hats-finance/Circles-0x6ca9ca24d78af44582951825bef9eadcb210e5cf/blob/507e18587b8a0b64a4bb21db01ecf876dc607e47/src/hub/Hub.sol#L1017-L1026
These functions return false due to nameBytes.length == 0
https://github.com/hats-finance/Circles-0x6ca9ca24d78af44582951825bef9eadcb210e5cf/blob/507e18587b8a0b64a4bb21db01ecf876dc607e47/src/names/NameRegistry.sol#L224
Thus the internal _registerGroup function will revert with CirclesInvalidString error
This behaviour differs from the intended functionality of defaulting name to "Circles-<base58(short)Name> when _name is left empty.
https://github.com/hats-finance/Circles-0x6ca9ca24d78af44582951825bef9eadcb210e5cf/blob/507e18587b8a0b64a4bb21db01ecf876dc607e47/src/names/NameRegistry.sol#L117
This is a medium issue because it results in essential functionality of the contracts being temporarily unusable or inaccessible.
Recommendation\ Replace the
if (nameBytes.length > 32 || nameBytes.length == 0) return false; // Check length
condition in isValidName function with
if (nameBytes.length > 32 return false; // Check length
There is no need to return false on nameBytes.length == 0
Groups must have a valid custom name, organizations do not.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xf98ccef9fe87ce0039b45e0f99fc036ca44aec603eb8b9c098d35e788625192f Severity: medium
Description: Description\ The registerGroup function reverts when called with empty _name or empty _symbol.
This is due to the below checks in the internal _registerGroup function:
https://github.com/hats-finance/Circles-0x6ca9ca24d78af44582951825bef9eadcb210e5cf/blob/507e18587b8a0b64a4bb21db01ecf876dc607e47/src/hub/Hub.sol#L1017-L1026
These functions return false due to nameBytes.length == 0
https://github.com/hats-finance/Circles-0x6ca9ca24d78af44582951825bef9eadcb210e5cf/blob/507e18587b8a0b64a4bb21db01ecf876dc607e47/src/names/NameRegistry.sol#L224
Thus the internal _registerGroup function will revert with CirclesInvalidString error
This behaviour differs from the intended functionality of defaulting name to "Circles-<base58(short)Name> when _name is left empty.
https://github.com/hats-finance/Circles-0x6ca9ca24d78af44582951825bef9eadcb210e5cf/blob/507e18587b8a0b64a4bb21db01ecf876dc607e47/src/names/NameRegistry.sol#L117
This is a medium issue because it results in essential functionality of the contracts being temporarily unusable or inaccessible.
Recommendation\ Replace the
condition in isValidName function with
There is no need to return false on nameBytes.length == 0