Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

chaduke - getSupportingDocumentsComplete() might return claimIds who have actually not completed their supporting documents #151

Closed
github-actions bot opened this issue Feb 21, 2023 · 4 comments
Closed

chaduke - getSupportingDocumentsComplete() might return claimIds who have actually not completed their supporting documents #151

github-actions bot opened this issue Feb 21, 2023 · 4 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Low/Info A valid Low/Informational severity issue Non-Reward This issue will not receive a payout Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed

Comments

@github-actions
Copy link

github-actions bot commented Feb 21, 2023
edited by hrishibhat
Loading

chaduke

medium

getSupportingDocumentsComplete() might return claimIds who have actually not completed their supporting documents

Summary

getSupportingDocumentsComplete() might return claimIds who have actually not completed their supporting documents.

Vulnerability Detail

getSupportingDocumentsComplete() might return claimIds who have actually not completed their supporting documents because setSupportingDocumentsComplete() will push the _claimID to the list even when _supportingDocumentsComplete == false.

https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/OngoingBountyV1.sol#L188-L198

As a result, getSupportingDocumentsComplete() will return a list claimIds including some that have not actually completed their supporting documents.

function getSupportingDocumentsComplete()
        external
        view
        returns (bytes memory)
    {
        return abi.encode(supportingDocumentsCompleteClaimIds);
    }

Impact

getSupportingDocumentsComplete() will return a list claimIds including some that have not actually completed their supporting documents.

Code Snippet

Remix

Tool used

Manual Review

Recommendation

Only push the _claimId only when _supportingDocumentsComplete == true.

function setSupportingDocumentsComplete(bytes calldata _data)
        external
        onlyOpenQ
    {
        (bytes32 _claimId, bool _supportingDocumentsComplete) = abi.decode(
            _data,
            (bytes32, bool)
        );
        supportingDocumentsComplete[_claimId] = _supportingDocumentsComplete;
+     if( _supportingDocumentsComplete)
                 supportingDocumentsCompleteClaimIds.push(_claimId);
    }

Duplicate of #425
@github-actions github-actions bot added the Medium A valid Medium severity issue label Feb 21, 2023
@FlacoJones
Copy link

Will fix by removing Ongoing for now

@FlacoJones FlacoJones added Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed labels Feb 23, 2023
@FlacoJones
Copy link

OpenQDev/OpenQ-Contracts#112

@IAm0x52
Copy link
Collaborator

IAm0x52 commented Mar 5, 2023
edited
Loading

https://github.com/sherlock-audit/2023-02-openq/blob/ba7f35654d6fa7637ef0f6db346e851fb978cde2/contracts/ClaimManager/Implementations/ClaimManagerV1.sol#L482

Should be low. It may be pushed to the array but it still uses the mapping to determine if the documents have actually been provided. So setting it to a false bool would still cause a revert, even though it's in the array. An error that it is in the list but no issue results from it.

@IAm0x52 IAm0x52 mentioned this issue Mar 5, 2023
Closed
@hrishibhat
Copy link
Contributor

Agree with Lead watson comment

@IAm0x52 IAm0x52 mentioned this issue Mar 6, 2023
Closed
@hrishibhat hrishibhat added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Mar 7, 2023
@sherlock-admin sherlock-admin added Low/Info A valid Low/Informational severity issue Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue labels Mar 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Low/Info A valid Low/Informational severity issue Non-Reward This issue will not receive a payout Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hrishibhat @FlacoJones @sherlock-admin @IAm0x52