Open hats-bug-reporter[bot] opened 2 weeks ago
other humanities vouch for it. (They do a malicious act here, but as no challenge will be accepted at the end, they will not pay penalties.)
So according to your report, you still need vouches.
For the other part, similar to https://github.com/hats-finance/Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0/issues/140
GitHub username: @0xmahdirostami
Twitter username: 0xmahdirostami
Submission hash (on-chain): 0x393dcd92b41a1629c07e3a52985fa55d01714e6cd5de666431969965ebbb656c
Severity: high
Description:
Summary
The protocol relies on a vouching system and challenge system to ensure that only legitimate humanity requests are approved. However, there's a way for malicious users to trick this system by adding incorrect vouches and submitting fake challenges, allowing them to bypass the process and get their fake requests approved.
Impact:
Bypassing the challenge phase and the vouching phase, and creating as many humanity IDs as desired.
Vulnerability Detail