Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

[L-1] Incorrect Error Message for Time-Based Checks

Description:
In the FeeCollector::applyTreasuryUpdate and FeeCollector::applyRepairFundUpdate functions, the contract uses a time-based check to ensure that an update can only be applied after a certain effective time. However, if this condition is not met, the contract reverts with UnauthorizedCaller(), which is misleading since the failure is due to timing rather than unauthorized access.

Impact:
The use of an incorrect error message may confuse developers and users during debugging or audits, potentially leading to misinterpretation of the failure condition. While the issue is of low severity, it is important for maintaining clarity and proper error handling throughout the contract.

Proof of Concept:

if (block.timestamp < pendingRepairFund.effectiveTime) revert UnauthorizedCaller(); //@audit wrong error.
if (block.timestamp < pendingTreasury.effectiveTime) revert UnauthorizedCaller(); //@audit wrong error.

The error message UnauthorizedCaller() does not accurately reflect the condition that the update is not yet effective.

Recommended Mitigation:
Update the revert conditions to use a more appropriate error message that clearly indicates the timing issue. For example, define and use an error like UpdateNotEffective():

if (block.timestamp < pendingRepairFund.effectiveTime) revert UpdateNotEffective();
if (block.timestamp < pendingTreasury.effectiveTime) revert UpdateNotEffective();

Ensuring that error messages accurately describe the failure conditions will improve code clarity and help in proper debugging and auditing efforts.
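
A minimal sketch of the recommended pattern, added here as an example and not taken from the FeeCollector source: each failure class gets its own custom error, so an access failure and a timelock that has not yet elapsed produce different revert data. The contract name, admin, DELAY, NoPendingUpdate, the scheduling function, the caller check on apply, and the error parameters are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustration only. Only UnauthorizedCaller, UpdateNotEffective, pendingTreasury,
// effectiveTime and applyTreasuryUpdate are names from the finding; the rest is assumed.
contract TimelockedTreasuryExample {
    error UnauthorizedCaller();                                           // access failure
    error UpdateNotEffective(uint256 effectiveTime, uint256 currentTime); // timing failure
    error NoPendingUpdate();                                              // state failure (assumed)

    struct PendingUpdate {
        address newAddress;
        uint256 effectiveTime;
    }

    uint256 public constant DELAY = 1 days; // assumed timelock length
    address public immutable admin;         // assumed single-admin access model
    address public treasury;
    PendingUpdate public pendingTreasury;

    constructor(address initialTreasury) {
        admin = msg.sender;
        treasury = initialTreasury;
    }

    function scheduleTreasuryUpdate(address newTreasury) external {
        if (msg.sender != admin) revert UnauthorizedCaller();
        pendingTreasury = PendingUpdate(newTreasury, block.timestamp + DELAY);
    }

    function applyTreasuryUpdate() external {
        // Who is calling: the only place UnauthorizedCaller is raised here.
        if (msg.sender != admin) revert UnauthorizedCaller();

        PendingUpdate memory p = pendingTreasury;
        // Whether there is anything to apply.
        if (p.newAddress == address(0)) revert NoPendingUpdate();
        // When it may be applied: a distinct error carrying both timestamps.
        if (block.timestamp < p.effectiveTime) {
            revert UpdateNotEffective(p.effectiveTime, block.timestamp);
        }

        treasury = p.newAddress;
        delete pendingTreasury;
    }
}
```

With the timestamps carried in the error, the revert data alone shows how long remains before the update can be applied.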

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
