Sale State in White Listing presale does not enforce a sequential transition

[hats-bug-reporter[bot]]

Github username: @https://github.com/betharavikiran Submission hash (on-chain): 0x792bf18568d8df8348b033883bb49427a1c2a139d280b90f40bae07b33964259 Severity: medium

Description: Description\ The sale state in Wait listing presale does not honor sequential transition.

NOT_ACTIVE => WL => OVER

While the intention is that the Sale state will start as not active, it will flow unidirectional to Over. The idea being the White Listing presale cannot transit back to previous state.

enum SaleState { NOT_ACTIVE, WL, OVER }

Attack Scenario\ Describe how the vulnerability can be exploited. During investing to Mint, based on the state of sale, only if WL is the active state, the investing should be allowed.

The risk arises from the fact that owner can manage the state and also allow going backwards to facilitate certain transactions.

The code should prevent such transitions while entitling the owner to execute the transitions in unidirectional way.

1. Proof of Concept (PoC) File function setSaleState(SaleState _saleState) external onlyOwner { saleState = _saleState; }

2. Revised Code File (Optional) Logic to enforce the flow.

   function setSaleState(SaleState _saleState) external onlyOwner { require(saleState != SaleState.OVER); if(_saleState == SaleState.WL){ require(saleState == SaleState.NOT_ACTIVE); } else if (_saleState == SaleState.OVER){ require(saleState == SaleState.WL); } saleState = _saleState; }

Files:

• WlPresaleCvg.sol (https://hats-backend-prod.herokuapp.com/v1/files/QmaS9gz1r1HHBWtJJaW2pDWywzg5aftmCJb6mB2Ghs12Y1)
• WlPresaleCvg_updated.sol (https://hats-backend-prod.herokuapp.com/v1/files/QmS6FbbSv5B24unEAoYoavQqiLxxeR9QKpwPNr4onuin1K)

[walk-on-me]

Hello, Thanks a lot for your attention.

This issue is a configuration issue and Out of scope.

We have so to consider this issue as Invalid