Agreement scope updates on BattleChain (addAccounts / removeAccounts) synchronously call AttackRegistry:
_getAttackRegistry() reads BattleChainSafeHarborRegistry.getAttackRegistry(), so a valid DAO pointer rotation immediately changes the downstream sync target.
If the new AttackRegistry does not recognize legacy agreements under its current factory mapping, registerContractForExistingAgreement reverts InvalidAgreement(msg.sender), causing Agreement.addAccounts/removeAccounts to revert.
That blocks Agreement owner scope maintenance and can indirectly block ConfidencePool pre-lock scope alignment (setPoolScope) because new intended accounts cannot be made valid in Agreement scope first.
Likelihood:
AttackRegistry pointer rotations are valid protocol operations.
Migration windows with mixed legacy agreements/factory mappings are realistic.
Impact:
DoS of Agreement BattleChain scope updates for affected agreements.
Indirect operational DoS of pre-lock pool scope maintenance/alignment.
During AttackRegistry rotations, enforce migration compatibility before switching pointers:
Ensure the new AttackRegistry's agreement-factory recognition includes legacy agreements, and
Perform/verify agreement migration checks before setAttackRegistry takes effect.
This preserves Agreement scope-sync liveness and avoids downstream pool-scope maintenance failures.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.