Open hats-bug-reporter[bot] opened 1 month ago
I don't an issue with the validation, except for
Whether users are already registered for the specified phase.
Which is validated on teach phase e.g
function _participatePhase1() internal returns (uint256 oTAPTokenID) {
uint256 _eligibleAmount = phase1Users[msg.sender];
if (_eligibleAmount == 0) revert NotEligible();
// Close eligibility
phase1Users[msg.sender] = 0;
// Mint aoTAP
uint128 expiry = uint128(lastEpochUpdate + EPOCH_DURATION); // Set expiry to the end of the epoch
oTAPTokenID = aoTAP.mint(msg.sender, expiry, uint128(PHASE_1_DISCOUNT), _eligibleAmount, epoch);
}
Thank you for your feedback. I wanted to draw a parallel to your registerUsers function, which already includes comprehensive validation checks to ensure data integrity. These checks include:
For consistency and to prevent potential issues, I believe it's important to incorporate similar validation checks into the registerUsersForPhase
function
Github username: @Jelev123 Twitter username: zhulien_zhelev Submission hash (on-chain): 0x798b706f9bdb346e5f63bde1d4a4de39a7c31b350596614d5439114c644a2f1e Severity: medium
Description: Description\ The
registerUsersForPhase
function in the contract is designed to register users with their eligible amounts for specific phases (either phase 1 or phase 4 and above). However, the function lacks essential validation checks, which can lead to various data integrity issues. Specifically, the function does not verify:Without these checks, the function can register invalid data, leading to potential exploits and incorrect state in the contract.
registerUsersForPhase
Recommendation