`HATArbitrator.dispute()`can be called after dispute has been resolved

[hats-bug-reporter[bot]]

Github username: @bahurum Submission hash (on-chain): 0xc0f8b633fa893a1125a9c2b8676a28a3e5b56a75e29024a55b24fcf0d3ce8cdf Severity: low

Description: Description\ HATArbitrator.dispute() can be called even after a dispute has been resolved, while users should be able to add to a dispute only when the dispute is not resolved yet.

Disputes of a claim can can be made after resolution when:

• the expert committee accepts or dismisses the dispute in less then 24 hours
• the expert committee submits a claim directly through approveSubmitClaimRequest() (in which case there should be no disputes)

Note that currently all tokens used for disputes coming after resolution can be recovered after some time by calling reclaimBond() so there is no loss of funds.

Recommendation\ Consider adding the onlyUnresolvedDispute(_vault, _claimId) modifier to the dispute() function so that only unresolved claims can be disputed.

    function dispute(
        IHATClaimsManager _vault,
        bytes32 _claimId,
        uint256 _bondAmount,
        string calldata _descriptionHash
-   ) external {        
+   ) external 
+   onlyUnresolvedDispute(_vault, _claimId)
+   {
        if (_bondAmount < minBondAmount) {
            revert BondAmountSubmittedTooLow();
        }

[jellegerbrandy]

HATArbitrator.dispute() can be called even after a dispute has been resolved,

I do not think this is true, at least not with the same claimId

[bahurum]

dispute() can be called with the same claimId for example after approveSubmitClaimRequest() is called. The call won't fail. _vault.challengeClaim(_claimId) won't be reached but the event ClaimDisputed() will be emitted.