hats-finance / Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0

Proof of Humanity Protocol v2

addSubmissionManually Does Not Properly Check Every Requirement #11

Open hats-bug-reporter[bot] opened 2 months ago

hats-bug-reporter[bot] commented 2 months ago

Github username: --
Twitter username: dod4ufn
Submission hash (on-chain): 0x3ff31d7630e6fd3ac6020b1cfb2dcce2e0af172d90c86e833df2f16437339020
Severity: low

Description: The addSubmission function is used by users in order to make a request and add a new entry to the list. The function does extensive checks to prevent faulty submissions. More specifically, it checks:

The addSubmissionManually function is used by the Governor to add multiple submissions. The checks that it performs are:

Effectively missing two checks compared to the addSubmission function.

Attachments

  1. Proof of Concept

ProofOfHumanityOld.sol

function addSubmissionManually(
    address[] calldata _submissionIDs,
    string[] calldata _evidence,
    string[] calldata _names
) external onlyGovernor {
    uint256 counter = submissionCounter;
    uint256 arbitratorDataID = arbitratorDataList.length - 1;
    for (uint256 i = 0; i < _submissionIDs.length; i++) {
        Submission storage submission = submissions[_submissionIDs[i]];
@>      require(submission.requests.length == 0, "Submission already been created");
        submission.index = uint64(counter);
        counter++;

        submission.requests.push();
        Request storage request = submission.requests[submission.requests.length - 1];
        submission.registered = true;

        submission.submissionTime = uint64(block.timestamp);
        request.arbitratorDataID = uint16(arbitratorDataID);
        request.resolved = true;

        if (bytes(_evidence[i]).length > 0)
            emit Evidence(
                arbitratorDataList[arbitratorDataID].arbitrator,
                uint256(uint160(_submissionIDs[i])),
                msg.sender,
                _evidence[i]
            );
    }
    submissionCounter = counter;
}

function addSubmission(string calldata _evidence, string calldata _name) external payable {
    Submission storage submission = submissions[msg.sender];
@>  require(!submission.registered && submission.status == Status.None, "Wrong status");
@>  if (submission.requests.length == 0) {
        submission.index = uint64(submissionCounter);
        submissionCounter++;
    }
    submission.status = Status.Vouching;
    emit AddSubmission(msg.sender, submission.requests.length);
    requestRegistration(msg.sender, _evidence);
}
  2. Revised Code

The team should add the missing requirements to the addSubmissionManually function.
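One way the suggested revision could look, as an added sketch that is not the project's code and not part of the report: both entry points call one shared precondition, so the governor batch path cannot drift from the user path. It assumes the two missing checks are the `!submission.registered` and `submission.status == Status.None` conditions marked in `addSubmission`; the contract name, the `_requireUnregistered` helper, the `requestCount` field, the reduced `Status` enum and the pragma are hypothetical.

```solidity
pragma solidity ^0.8.0;
// Added illustration: storage is reduced to the fields the checks read; evidence and arbitrator handling are omitted.
contract SubmissionCheckParity {
    enum Status { None, Vouching } // reduced enum, only the values used here
    struct Submission {
        Status status;
        bool registered;
        uint64 index;
        uint64 submissionTime;
        uint256 requestCount; // stands in for submission.requests.length
    }

    address public governor = msg.sender;
    uint256 public submissionCounter;
    mapping(address => Submission) public submissions;

    modifier onlyGovernor() {
        require(msg.sender == governor, "Not governor");
        _;
    }

    // Hypothetical helper: the precondition addSubmission enforces, kept in one place.
    function _requireUnregistered(Submission storage s) internal view {
        require(!s.registered && s.status == Status.None, "Wrong status");
    }

    function addSubmission() external {
        Submission storage s = submissions[msg.sender];
        _requireUnregistered(s);
        if (s.requestCount == 0) s.index = uint64(submissionCounter++);
        s.status = Status.Vouching;
        s.requestCount++;
    }

    function addSubmissionManually(address[] calldata _submissionIDs) external onlyGovernor {
        uint256 counter = submissionCounter;
        for (uint256 i = 0; i < _submissionIDs.length; i++) {
            Submission storage s = submissions[_submissionIDs[i]];
            require(s.requestCount == 0, "Submission already been created");
            _requireUnregistered(s); // same status checks as the user path
            s.index = uint64(counter++);
            s.requestCount = 1;
            s.registered = true;
            s.submissionTime = uint64(block.timestamp);
        }
        submissionCounter = counter;
    }
}
```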

clesaege commented 2 months ago

The governor is trusted.

As per competition rules

Out of scope: