hats-finance / Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0

Proof of Humanity Protocol v2

`challengePeriodDuration` could be greater than the time for a dispute. #43

Open hats-bug-reporter[bot] opened 3 weeks ago

hats-bug-reporter[bot] commented 3 weeks ago

Github username: @Audinarey
Twitter username: audinarey
Submission hash (on-chain): 0x6adc26573027c63581eae9badfcce93f88fd0aa4e8e6f533a46fa959331fd9c8
Severity: low

Description: Per the NatSpec comments on the changeDurations(...) function,

  • @param _challengePeriodDuration The new duration of the challenge period. It should be lower than the time for a dispute.

there is a missing check to ensure that the challengePeriodDuration variable is lesser/lower than the time for a dispute.

Attack Scenario: As shown below, the check/validation described above is missing.

    function changeDurations(
        uint40 _humanityLifespan,
        uint40 _renewalPeriodDuration,
        uint40 _challengePeriodDuration,
        uint40 _failedRevocationCooldown
    ) external onlyGovernor {
        humanityLifespan = _humanityLifespan;
        renewalPeriodDuration = _renewalPeriodDuration;
        challengePeriodDuration = _challengePeriodDuration;
        failedRevocationCooldown = _failedRevocationCooldown;
        emit DurationsChanged(
            _humanityLifespan,
            _renewalPeriodDuration,
            _challengePeriodDuration,
            _failedRevocationCooldown
        );
    }

This check is also missing from the initialise(...) function.

Revised Code File (Optional):

Implement a check to ensure the new _challengePeriodDuration value is lesser/lower than the time for a dispute.
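An added illustration, not code from the Proof of Humanity repository or from the reporter, of the validation the report asks for, routed through one internal setter so that both `initialize` and `changeDurations` enforce it. The `disputeTimeout` storage value is a hypothetical stand-in for "the time for a dispute" named in the NatSpec; the page does not show where the real contract obtains that value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Proof of Humanity code. `disputeTimeout` is a hypothetical
// stand-in for "the time for a dispute" named in the NatSpec; the page does not
// show where the real contract obtains that value.
contract DurationsExample {
    error ChallengePeriodTooLong(uint40 challengePeriod, uint40 disputeTimeout);
    error AlreadyInitialized();
    event DurationsChanged(uint40 lifespan, uint40 renewal, uint40 challenge, uint40 cooldown);

    address public governor;
    bool public initialized;
    uint40 public disputeTimeout; // hypothetical upper bound for the challenge period
    uint40 public humanityLifespan;
    uint40 public renewalPeriodDuration;
    uint40 public challengePeriodDuration;
    uint40 public failedRevocationCooldown;

    modifier onlyGovernor() {
        require(msg.sender == governor, "only governor");
        _;
    }

    constructor(uint40 _disputeTimeout) {
        governor = msg.sender;
        disputeTimeout = _disputeTimeout;
    }

    // One validation path shared by both entry points, so the invariant
    // "challenge period < time for a dispute" cannot be bypassed from either.
    function _setDurations(uint40 _lifespan, uint40 _renewal, uint40 _challenge, uint40 _cooldown) internal {
        if (_challenge >= disputeTimeout) revert ChallengePeriodTooLong(_challenge, disputeTimeout);
        humanityLifespan = _lifespan;
        renewalPeriodDuration = _renewal;
        challengePeriodDuration = _challenge;
        failedRevocationCooldown = _cooldown;
        emit DurationsChanged(_lifespan, _renewal, _challenge, _cooldown);
    }

    // Initializer guarded against being run twice, then routed through the same check.
    function initialize(uint40 _lifespan, uint40 _renewal, uint40 _challenge, uint40 _cooldown) external onlyGovernor {
        if (initialized) revert AlreadyInitialized();
        initialized = true;
        _setDurations(_lifespan, _renewal, _challenge, _cooldown);
    }

    function changeDurations(uint40 _lifespan, uint40 _renewal, uint40 _challenge, uint40 _cooldown) external onlyGovernor {
        _setDurations(_lifespan, _renewal, _challenge, _cooldown);
    }
}
```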

clesaege commented 3 weeks ago

The governor is trusted.

As per competition rules

Out of scope: