Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Wrong error message in register()::LLMOracleRegistry.sol

0xziin

Summary

Wrong error message in register()::LLMOracleRegistry.sol line 104.

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/llm/LLMOracleRegistry.sol#L104

Vulnerability Details

// ensure the user has enough allowance to stake
if (token.allowance(msg.sender, address(this)) < amount) {
revert InsufficientFunds();
}
token.transferFrom(msg.sender, address(this), amount);

==> The error shouldn't be InsufficientFunds() but NotEnoughAllowance() instead.

According to the comment this condition ensures that the user has enough allowance to stake.
If the allowance is not enough (amount > allowance), then revert.
If the function reverts with an InsufficientFunds() error, the end user will think he has not enough funds, which is not correct.
Instead the error should indicate that he needs to allow enough for the contract to be able to transfer the correct amount to stake.

Impact

Error messages are there to lead the end user and/or the off chain Dapp connected to the smart contract.
A wrong error message could mislead the end user trying to figure out why his transaction failed.
The off chain Dapps used by the end users will also be impacted if they give back to the users the nature of the error message or take any action regarding this specific error message being wrong.

Tools Used

Github, Manual review.

Recommendations

Replace the code at line 104 :

revert InsufficientFunds();

=> with revert NotEnoughAllowance();

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.