Misleading Error Message for Zero Address User Check in updateUserBoost function
Summary
The updateUserBoost function in the BoostController contract checks if the user parameter is the zero address and reverts with the InvalidPool error. This error message is misleading because it suggests that the pool address is invalid, rather than the user address. This can cause confusion for developers and users interacting with the contract.
Vulnerability Details
The updateUserBoost function includes a check for the zero address for the user parameter, but the error message InvalidPool is misleading. The zero address check is necessary to prevent invalid user addresses from being used, but the error message should accurately reflect the issue.
Current Code:
Issue:
The error message
InvalidPoolsuggests that the pool address is invalid, rather than the user address.This can cause confusion and make debugging more difficult.
Impact
While this issue does not introduce a security vulnerability, it impacts the user experience and code clarity. Users and developers interacting with the contract will receive misleading error messages, which can cause confusion and make debugging more difficult.
Tools Used
Solidity Compiler
Manual Code Review
Recommendations
Correct the Error Message:
Change the error message to accurately reflect the issue. Use
InvalidUserinstead ofInvalidPool.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.