Lack of Clear Error Messages
Summary
The function performUpdate in the provided contract contains error messages that lack sufficient clarity and detail. This may cause difficulties for developers and integrators when debugging or diagnosing issues. While this issue does not directly lead to financial losses or exploits, it can hinder system transparency and usability, potentially delaying resolution of operational errors.
Vulnerability Details
Affected Code:
Pool Registration Check:
require(rule != address(0), "Pool not registered");
The message
"Pool not registered"is generic and does not indicate whether the pool address is invalid, uninitialized, or removed from the system.
Tools Used
Manual Review
Recommendations
Improve Error Messages for Better Context:
Provide descriptive messages that include additional information to explain why the condition failed. For example:
require(_pool != address(0), "Invalid pool address");
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.