Users have no way to revoke the humanity transfer hashes

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xffe7dc5ba99e0c948e876150e3bacb22ba95e0364bb77db0e7bd3a2a53dd542b Severity: medium

Description: Description\

When the humanity is being transferred via. transferHumanity() function. a transfer hash is calculated and later this transfer hash is stored in outgoing transfer mapping.

    function transferHumanity(address _bridgeGateway) external allowedGateway(_bridgeGateway) {

   . . . some code . . .

        // Transfer hash must be unique, hence using timestamp in the packing among the other parameters
        bytes32 tHash = keccak256(
            abi.encodePacked(humanityId, block.timestamp, address(this), bridgeGateways[_bridgeGateway].foreignProxy)
        );

        // Store the transfer details in the struct to use in case future implementations that support transfer retrials / recoveries
        transfer.transferHash = tHash;

   . . . some code . . . 

}

The issue is that, If user reconsiders or notices something malicious about the calculated transfer hash after calling the transferHumanity() function then they should be able to revoke the transfer hash.

For example, if the user transfer humanity and transfer hash is calculated and later he decided to not transfer it to foreign chain or he later understood the transfer hash has been spoofed. To protect themselves the user should be able to revoke transfer hash, otherwise it may lead to loss of humanity even when the user didn't want to transfer as there is no functionality to cancel the transfer hashes.

Recommendations\ Allow the humanity transferrer user to revoke/cancel the transfer hash.

[clesaege]

When the humanity is sent, the bridge is called, so it will be received on the other side. It is not possible to cancel the transfer as otherwise you could transfer, and cancel to keep it while still getting it on the other platform.