search

hats-finance / Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0

Proof of Humanity Protocol v2
2 stars 1 forks source link

Failure to Accumulate Multiple Contributions Causes Incorrect Deposit Check in _contribute Function #49

Open hats-bug-reporter[bot] opened 2 months ago

hats-bug-reporter[bot] commented 2 months ago

Github username: @0xmahdirostami Twitter username: 0xmahdirostami Submission hash (on-chain): 0xa0b479428b645fdba52a9bc0dee4ffef7a257c640fb2ce7be1ed254ca7309c9a Severity: low

Description:

Summary

The advanceState function checks if the requester has fully covered the deposit by ensuring that the sideFunded attribute is set to Party.Requester. However, the current logic in the _contribute function only considers individual contributions against the required amount, rather than the total accumulated funds. This flaw will impact on users who have multiple funds.

Vulnerability Detail

In the _contribute function, the code checks whether an individual contribution meets the required amount:

if (requiredAmount <= msg.value) {
    contribution = requiredAmount;
    remainingETH = msg.value - requiredAmount;

    paidInFull = true;
    round.sideFunded = round.sideFunded == Party.None ? _side : Party.None;
}

This logic works correctly for a single payment that meets or exceeds the required amount. However, if a user submits multiple smaller payments that add up to the required amount, the round.sideFunded attribute may not be set to Party.Requester. This is because the check is performed on a per-call basis, and the round.sideFunded flag only gets set when a single payment covers the full required amount.

As a result, the advanceState function, which relies on the round.sideFunded flag, may incorrectly assume that the requester has not fully covered the deposit, even though they have done so through multiple smaller payments.

Scenario:

Impact

This issue can lead to incorrect contract behavior, such as preventing the proper advancement of a request's state, even when the requester has provided sufficient funds.

Recommendation

Modify the _contribute function to accumulate funds across multiple contributions and check the total against the required amount.

clesaege commented 2 months ago

The requiredAmount is the total required, minus the amount already paid. So previous contributions are counted as they reduce the required amount.