Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Misleading Error Message for Pool Support Status in BoostController:modifySupportedPool

godwinx

Summary

The modifySupportedPool function in the BoostController contract uses a single error message (PoolNotSupported) when attempting to modify the support status of a pool that is already set to the desired state. This can be misleading, as it suggests that the pool is not supported when, in fact, it is already supported or unsupported.

Vulnerability Details

The modifySupportedPool function checks if the pool's support status matches the desired status (isSupported). If they match, it reverts with the PoolNotSupported error. This error message is misleading and does not accurately reflect the situation.

Current Code:

function modifySupportedPool(address pool, bool isSupported) external onlyRole(MANAGER_ROLE) {
if (pool == address(0)) revert InvalidPool();
if (supportedPools[pool] == isSupported) revert PoolNotSupported(); // <- HERE
supportedPools[pool] = isSupported;
if (isSupported) {
emit PoolAdded(pool);
} else {
emit PoolRemoved(pool);
}
}

Issue:

  • When isSupported is true and the pool is already supported, the error message PoolNotSupported is misleading.

  • When isSupported is false and the pool is already unsupported, the error message PoolNotSupported is also misleading.

Impact

While this issue does not introduce a security vulnerability, it impacts the user experience and code clarity. Users and developers interacting with the contract will receive misleading error messages, which can cause confusion and make debugging more difficult.

Tools Used

  • Solidity Compiler

  • Manual Code Review

Recommendations

Introduce more specific error messages to accurately reflect the situation:

  • PoolAlreadySupported when trying to set a supported pool to true again.

  • PoolAlreadyUnsupported when trying to set an unsupported pool to false again.

Proposed Code:

error PoolAlreadySupported();
error PoolAlreadyUnsupported();
function modifySupportedPool(address pool, bool isSupported) external onlyRole(MANAGER_ROLE) {
if (pool == address(0)) revert InvalidPool();
if (supportedPools[pool] == isSupported) {
if (isSupported) {
revert PoolAlreadySupported();
} else {
revert PoolAlreadyUnsupported();
}
}
supportedPools[pool] = isSupported;
if (isSupported) {
emit PoolAdded(pool);
} else {
emit PoolRemoved(pool);
}
}

With Comment to Understand the logic :

error PoolAlreadySupported();
error PoolAlreadyUnsupported();
function modifySupportedPool(address pool, bool isSupported) external onlyRole(MANAGER_ROLE) {
// Check if the pool address is valid
if (pool == address(0)) revert InvalidPool();
// Check if the pool's support status matches the desired status
if (supportedPools[pool] == isSupported) {
// If the pool is already supported and trying to set it to true again
if (isSupported) {
revert PoolAlreadySupported();
}
// If the pool is already unsupported and trying to set it to false again
else {
revert PoolAlreadyUnsupported();
}
}
// Update the pool's support status
supportedPools[pool] = isSupported;
// Emit the appropriate event based on the new status
if (isSupported) {
emit PoolAdded(pool);
} else {
emit PoolRemoved(pool);
}
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.