hats-finance / Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0

Proof of Humanity Protocol v2

Missing Error Messages in revert Statements #24

Open hats-bug-reporter[bot] opened 2 months ago

hats-bug-reporter[bot] commented 2 months ago

GitHub username: --
Twitter username: dod4ufn
Submission hash (on-chain): 0x28e7489aaa6f851dab0f1ef245b5887370a9d7572b54056fe109248e2e373a35
Severity: low

Description:

Throughout the codebase, there are revert statements that lack error messages. For instance:

- The revert statement on line 1102 of ProofOfHumanity.sol
- The revert statement on line 1131 of ProofOfHumanityExtended.sol

Attack Scenario

Having empty revert statements adds additional difficulty to the codebase.

  1. Proof of Concept (PoC)

In ProofOfHumanity.sol:

else if (block.timestamp - appealPeriodStart < (appealPeriodEnd - appealPeriodStart) / 2)
    multiplier = loserStakeMultiplier;
    // If half of appeal period passed and side funded is winner, it will revert
@> else revert();

In ProofOfHumanityExtended.sol:

else if (block.timestamp - appealPeriodStart < (appealPeriodEnd - appealPeriodStart) / 2)
    multiplier = loserStakeMultiplier;
    // If half of appeal period passed and side funded is winner, it will revert
@> else revert();

  2. Revised Code File

Consider including specific, informative error messages in revert statements to improve the overall clarity of the codebase and to avoid potential confusion when the contract reverts.

clesaege commented 2 months ago

Error messages are a new functionality. They more or less act as comments but do take space (sometimes leading to a smart contract being too large to be deployable). I don't have a strong preference about this (but there should either be comments or an understandable message). Here there is a comment explaining it.

As per contest rules, it is out of scope: Issues about code/project quality which do not lead to exploitable vulnerabilities.
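The criterion discussed in this thread (a bare revert should carry either a message or an explaining comment) can be checked mechanically. The scanner below is an added example, not part of the issue thread or the project's code; the function names are hypothetical, sample lines 1-4 are the snippet quoted in the report and the remaining lines are constructed, and block comments and the contents of string literals are not parsed.

```python
import re

# A revert with empty parentheses; `revert("reason")` and `revert CustomError()` do not match.
BARE_REVERT = re.compile(r"\brevert\s*\(\s*\)\s*;")

# Lines 1-4 are the snippet quoted in the report; the rest is constructed for this example.
SAMPLE = '''\
else if (block.timestamp - appealPeriodStart < (appealPeriodEnd - appealPeriodStart) / 2)
    multiplier = loserStakeMultiplier;
    // If half of appeal period passed and side funded is winner, it will revert
else revert();

string memory url = "https://example.org"; revert();
if (paused) revert("Paused"); // revert(); with a reason is fine
if (stopped) revert Stopped();
'''

def split_comment(line):
    """Split one line into (code, comment), ignoring // inside string literals."""
    quote, i = None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif line.startswith("//", i):
            return line[:i], line[i + 2:].strip()
        i += 1
    return line, ""

def find_bare_reverts(source):
    """Return (line_no, comment_or_None) for every revert that carries no reason."""
    findings, above = [], ""                # `above`: comment lines directly preceding
    for no, line in enumerate(source.splitlines(), 1):
        code, comment = split_comment(line)
        if BARE_REVERT.search(code):
            findings.append((no, comment or above or None))
        if code.strip() or not comment:
            above = ""                      # code or a blank line ends the comment run
        else:
            above = (above + " " + comment).strip()
    return findings

def unexplained(source):
    """Line numbers of bare reverts with neither a reason nor an adjacent comment."""
    return [no for no, why in find_bare_reverts(source) if why is None]
```

On the sample, the revert quoted in the report is returned together with its explaining comment, while the constructed bare revert on line 6 is the only one listed by `unexplained`.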