ConfidencePoolFactory.createPool(...) relies on:
But in BattleChain, isAgreementValid is tied to the current s_agreementFactory pointer:
If DAO rotates the registry's factory address via setAgreementFactory(...), agreements created by the previous factory may no longer be recognized by the new factory mapping. Then createPool(...) reverts InvalidAgreement() for those legacy agreements, even if they were previously valid and practical to insure.
Likelihood:
Factory-pointer upgrades/migrations are legitimate operational actions.
Validation in createPool is hard-coupled to the registry's current factory pointer.
Impact:
DoS of new pool creation for affected legacy agreements.
Coverage expansion/new pool rollout can be blocked until off-chain migration/redeployment is completed.
Support legacy-agreement validity across factory migrations, e.g.:
Keep a whitelist/set of previously accepted factory addresses in the registry, or
Keep an explicit legacy agreement allowlist during migration windows.
Either approach preserves createPool liveness for agreements that were valid under prior official factory versions.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.