User can maliciously prolong his humanity duration by having a third party frontrun revokeHumanity

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0x01353f21df05c6ea8ce9e15fffa81a51dd839b78005506f2d1dcb0ffcbdb2371 Severity: medium

Description: Lets assume the following:

• Bob and Alice are friends with malicious intent
• Jack is an honest user

Jack seems to find something odd with regards to Bob's humanityId and challenges him by calling revokeHumanity, lets say the reason being deepfake.

Alice sees this and frontruns Jack by calling revokeHumanity with an incorrect _evidence since Alice wants this request to be purposefully denied.

She could for example provide a reason that is blatantly faulty, it is not hard to present incorrect _evidence.

a request will now be created, external users will not fund this request since the reason for this request is blatantly false, so they will not risk losing their funds.

Eventually Jack will win the request since the provided evidence is faulty,

    function rule(uint256 _disputeId, uint256 _ruling) external override {
        DisputeData memory disputeData = disputeIdToData[msg.sender][_disputeId];
        Humanity storage humanity = humanityData[disputeData.humanityId];
        Request storage request = humanity.requests[disputeData.requestId];
        Challenge storage challenge = request.challenges[disputeData.challengeId];
        Round storage round = challenge.rounds[challenge.lastRoundId];

 =>           } else humanity.lastFailedRevocationTime = uint40(block.timestamp);

lastFailedRevocationTime will now be updated

Jack is now unable to perform his honest request by invokingrevokeHumanity

And Bob is now able to resume his HumanityId until the following check is true:

    function revokeHumanity(bytes20 _humanityId, string calldata _evidence) external payable {

=> require(humanity.lastFailedRevocationTime.addCap40(failedRevocationCooldown) < block.timestamp);

Now whenever this time comes, Bob and Alice can repeat this process.

The only thing that Alice and Bob pay is the arbitrator fees, but these would be paid anyway whenever challenging a honest request.

As far as the contribution goes, Alice can fully contribute and still lose no funds since Bob will ultimately win this challenge and receive her funds and just send it back

Recommendation

Not sure what the best mitigation is here, up for discussion

[clesaege]

a request will now be created, external users will not fund this request since the reason for this request is blatantly false, so they will not risk losing their funds.

Challenges must always be funded in full by the challenger, there is crowdfunding possibility for challenges.

According to the registry policy So even if the requester reasons are wrong, the request should still be accepted if there are other valid reasons.

[whoismxuse]

Hi @clesaege

Challenges must always be funded in full by the challenger, there is crowdfunding possibility for challenges.

I think you misunderstood the point here, Alice will call revokeHumanity and fully fund the challenge, Alice will provide incorrect evidences, meaning she will provide evidences that do not even lead to anything that seems correct or she will just leave the evidence empty. Bob will fully fund the request aswell. This will allow for no one to intervene with this scheme between Alice and Bob.

Acoording to you and the registry policy

the request should still be accepted if there are other valid reasons.

Alice will circumvent this by providing blatantly false evidence or simply just leave the evidence empty

This will result in her request being denied.

Bob will win the request and receive Alice's money and simply refund her the money.

[clesaege]

This will allow for no one to intervene with this scheme between Alice and Bob.

This isn't true, there are jurors who can do their own research and appellants who can do it as well.

Alice will circumvent this by providing blatantly false evidence or simply just leave the evidence empty

Anyone can post evidence.

As per competition rules, are excluded:

• Issues about challengers missing some invalid profile submissions/removals (for the purpose of this review, we will assume challengers are perfect and omniscient and that they always challenge invalid actions before the deadline).
• Issues about missing appeals (for the purpose of this review, we will assume that there is always a user providing appeal deposits in the case of a wrong provisional ruling).
• Comments about the arbitrator being malicious (ex: 51% attack). We assume that the arbitrator Kleros always provides the proper ruling (potentially after some appeals).