spengrah
commented
1 year ago badStandings is separate from eligibility. It is a primitive to facilitate other contracts to apply penalties or other accountability measures. It is often the case that somebody is not eligibility but also not in bad standing, ie they are not qualified to wear the hat but they didn't do anything that would warrant being penalized.
ksk2345
medium
Inconsistency of expected behavior when address is ineligible and good standing
Summary
There is inconsistency in the protocol's expected behaviour or desirable outcome when an address is ineligible and good standing.
Refer Documenation : https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/README.md#eligibility
Wearer Eligibility (A) mentions that If an address "Currently wears the Hat" and is "Not Eligible", then "The Hat is revoked".
Wearer Standing (B) mentions that "...; it is possible for an address may be ineligible but in good standing."
Vulnerability Detail
If an address is made ineligible but in good standing, then anyone can call checkHatWearerStatus() and revoke the Hat, making the use case void.
Impact
There will be confusion in the use case where the wearer is ineligible but in good standing.
Code Snippet
https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/src/Hats.sol#L466-L476
Tool used
Manual Review
Recommendation
If the protocol desires that it should be "possible for an address may be ineligible but in good standing", then the "Hat should Not be revoked". In function _processHatWearerStatus, call _burnHat, only if the standing is bad.