Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Misleading Error Message in Pool Support Modification Function

0xgee001

Summary

The modifySupportedPool function in BoostController.sol uses a confusing and semantically incorrect error message when checking for redundant pool support modifications. The error message PoolNotSupported() suggests the pool is not supported when actually checking for an invalid state transition.

Vulnerability Details

In the BoostController contract:

function modifySupportedPool(address pool, bool isSupported) external onlyRole(MANAGER_ROLE) {
if (pool == address(0)) revert InvalidPool();
// ❌ WRONG: Misleading error message
if (supportedPools[pool] == isSupported) revert PoolNotSupported();
supportedPools[pool] = isSupported;
if (isSupported) {
emit PoolAdded(pool);
} else {
emit PoolRemoved(pool);
}
}

The issue arises because:

  1. Error message suggests pool is not supported

  2. Actually checking for redundant operation where:

    • Trying to add an already supported pool

    • Trying to remove an already unsupported pool

  3. Creates confusion for integrators and users

  4. Makes debugging more difficult

Impact

  • Confusing error messages for protocol integrators

  • Potential misunderstandings during debugging

  • Could lead to incorrect error handling in frontend applications

Tools Used

Manual code review

Recommendations

  1. Create specific error for redundant operations:

contract BoostController {
error RedundantPoolOperation();
// or more specific errors:
error PoolAlreadySupported();
error PoolAlreadyUnsupported();
function modifySupportedPool(address pool, bool isSupported) external onlyRole(MANAGER_ROLE) {
if (pool == address(0)) revert InvalidPool();
if (supportedPools[pool] == isSupported) revert RedundantPoolOperation();
supportedPools[pool] = isSupported;
if (isSupported) {
emit PoolAdded(pool);
} else {
emit PoolRemoved(pool);
}
}
}

  1. Split into separate functions for better clarity:

function addSupportedPool(address pool) external onlyRole(MANAGER_ROLE) {
if (pool == address(0)) revert InvalidPool();
if (supportedPools[pool]) revert PoolAlreadySupported();
supportedPools[pool] = true;
emit PoolAdded(pool);
}
function removeSupportedPool(address pool) external onlyRole(MANAGER_ROLE) {
if (pool == address(0)) revert InvalidPool();
if (!supportedPools[pool]) revert PoolAlreadyUnsupported();
supportedPools[pool] = false;
emit PoolRemoved(pool);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.