Malicious Users Can Bypass the Challenge System

Github username: @0xmahdirostami Twitter username: 0xmahdirostami Submission hash (on-chain): 0xdc12ade9ef4583fe8053d07c2292fa8283180a41391629e596b6110be63ef968 Severity: medium

Description:

Summary

The protocol relies on a challenge system to ensure that only legitimate humanity requests are approved. However, there's a way for malicious users to trick this system by submitting fake challenges, allowing them to bypass the process and get their fake requests approved.

Impact:

Bypassing challenge phase

Vulnerability Detail

humanity is in resolving state
for each reason, user challenges a request with fake evidence
as they use fake evidence, they will not accepted

after last reason as the following condition met


        // For a claim request there can be more than one dispute.
        if (resultRuling == Party.Requester) {
            if (!request.punishedVouch) {
                // All reasons being used means the request can't be challenged again, so we can update its status.
@>                    if (request.usedReasons == FULL_REASONS_SET) {
                    humanity.owner = request.requester;
                    humanity.expirationTime = uint40(block.timestamp).addCap40(humanityLifespan);


user will gain that humanity.

A malicious user can exploit this by submitting fake challenges during challengePeriodDuration. For all reasons, they could repeatedly submit challenges with fake evidence, like saying the person is "Deceased" with false evidence. By doing this, they can `fill full_reason_ser`, letting their fake request go through without proper review.

hats-finance / Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0