The expected behavior is that a pool should track the lifecycle of the binding BattleChain agreement for the scoped contracts it insures.
Right now, pool creation validates only:
The agreement is factory-created (isAgreementValid), and
Each account is in that agreement’s scope (isContractInScope).
The issue is that these checks do not prove the provided agreement is the binding agreement for those contracts. If a valid-but-non-binding agreement is used, the pool can monitor the wrong agreement state and resolve incorrectly.
Supporting semantics from BattleChain interfaces:
And the pool later reads state by agreement address:
Likelihood:
BattleChain explicitly separates “in scope” from “binding agreement”, so this mismatch condition is structurally possible.
A pool creator controls which valid agreement address is passed into createPool.
Impact:
The pool can observe a quiet lifecycle (NOT_DEPLOYED/non-terminal) while the real binding agreement transitions to UNDER_ATTACK/CORRUPTED.
This breaks the insurance intent: resolution can follow the wrong lifecycle and produce an incorrect payout outcome.
At pool creation, verify binding agreement consistency for each scoped account:
Resolve current attack registry from safeHarborRegistry.getAttackRegistry()
For each account in accounts, require:
IAttackRegistry(attackRegistry).getAgreementForContract(account) == agreement
Revert on mismatch
This keeps pool lifecycle tracking aligned with BattleChain’s canonical binding-resolution model.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.