_payPayee may be called with 0 value leading to potential cluttered logs

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xa12d42f476f20830a264cbc23a927d34e2ef13fd1e0364ee588147dbb15ca3be Severity: low

Description: Description\ At _processHistoryItem function the answer_takeover_fee will be equal to queued_funds if queued_funds == bond , which would lead to calling _payPayee with zero value.

_payPayee(question_id, payee, queued_funds - answer_takeover_fee); The queued_funds and answer_takeover_fee variables above, are both equal to bond .

Attachments

1. Proof of Concept (PoC)

uint256 answer_takeover_fee = (queued_funds >= bond) ? bond : queued_funds;
// Settle up with the old (higher-bonded) payee
_payPayee(question_id, payee, queued_funds - answer_takeover_fee);

2. Revised Code\ Either change the boolean statement to strictly greater than or check if queued_funds - answer_takeover_fee is greater than zero before calling _payPayee .

uint256 answer_takeover_fee = (queued_funds >= bond) ? bond : queued_funds;
// Settle up with the old (higher-bonded) payee
++ if(queued_funds - answer_takeover_fee > 0) {
_payPayee(question_id, payee, queued_funds - answer_takeover_fee);
++ }

[clesaege]

There if no issue in "doing 0". Filtering logs is a frontend job.

Per competition rules, are excluded:

• Issues in third party contracts (those in the interaction folder + Kleros + Curate + DAI) which do not lead to issues with Seer (if you find those, we'll help you report them to their respective projects).

• Issues where the user is harming itself by interacting improperly with the contracts. It's possible for the users to call functions with improper parameters, incompatible tokens, etc but we assume that functions are called properly similarly to how they are called in the frontend. It's the job of smart contracts to protect against malicious behaviours, but it's the job of the frontend to protect against stupid ones!