Open hats-bug-reporter[bot] opened 2 weeks ago
"Another user that has the same humanity id in another chain" that would mean one of them had done an illegal registration "Let's say Alice is on chain B, and wants to claim humanity with id X. Bob is on chain A, and has the humanity with id X." the humanity can either belong to Alice, or to Bob, but can't belong to both at the same time.
As per Proof of Humanity Registry Policy: The default humanity being the bytes20 of the address used.
It is indeed technically possible to register with a wrong Humanity ID, but challengers should challenge any of such submissions.
Per the contest rules, are excluded: Issues about challengers missing some invalid profile submissions/removals (for the purpose of this review, we will assume challengers are perfect and omniscient and that they always challenge invalid actions before the deadline).
Hey @clesaege, regarding the PoH Registry Policy, as per your comment in #51:
"it appears that the registration rules themselves do not define what is the default Humanity ID."
So, as a result, there is no default humanity ID for an address. Regarding the rules, this is not an invalid submission, since the user is legitimate and tries to claim an unclaimed humanity ID.
The rules themselves do not define what is the default Humanity ID, but the code does. So Kleros would rule against those submissions (if in a contract you use terms that you do not define, jurors will have to find out what they mean, here that would be by looking at the code to understand what "default Humanity ID" means).
If your point is that the policy isn't very good as it doesn't define "default Humanity ID" which could confuse non technical users, this would be a duplicate of https://github.com/hats-finance/Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0/issues/51.
Per the contest rules, are excluded:
Github username: -- Twitter username: -- Submission hash (on-chain): 0x09c17fcb60c2ab26bcbb7f857e9954497902d774d5fc8c85fdfc56653af49804 Severity: medium
Description: Description\ It is possible to overwrite a humanity in specific circumstances, more specifically, a user has to request to claim humanity by calling
claimHumanity()
. His request has to go through the vouching system, and not be challenged, which makes him eligible toexecuteRequest()
and claim humanity.Another user that has the same humanity id in another chain (this isn't checked at code level as mentioned in issue #51), transfers his humanity to the same chain. The user that transferred his humanity, claims the humanity without issues.
The user that is eligible to call
executeRequest()
, calls it and claims (by overwritting) the humanity id.Attack Scenario\ It is not an attack, it's a scenario which holds true under specific circumstances as mentioned in the Severity Guidelines.
Although here is the scenario that has to take place:
Let's say Alice is on chain B, and wants to claim humanity with id X. Bob is on chain A, and has the humanity with id X.
Alice calls
claimHumanity()
with id X.Alice's request goes through the vouching system and challenging system.
Bob calls
transferHumanity()
to transfer it to chain B.receiveTransfer()
gets called, and Bob claims the humanity with id X on chain B.Alice calls
executeRequest()
and claims humanity with id X by overwritting Bob as owner.Attachments
CrossChainProofOfHumanity.sol@L332-363
ProofOfHumanityExtended.sol@L503-527
ProofOfHumanityExtended.sol@L1186-1215
The recommendation would be to add a way to check if a
claimHumanity
request of the humanity id that will be transferred, is atStatus.Resolving
.