Omniscia Olive Audit
RewardsHash Manual Review Findings
RewardsHash Manual Review Findings
RHH-01M: Inexistent Validation of Existing Entry
Type | Severity | Location |
---|---|---|
Logical Fault | RewardsHash.sol:L24 |
Description:
The setCycleHashes
permits the owner to override previously set hashes.
Example:
contracts/rewards/RewardsHash.sol
20function setCycleHashes(uint256 index, string calldata latestClaimableIpfsHash, string calldata cycleIpfsHash) external override onlyOwner {21 require(bytes(latestClaimableIpfsHash).length > 0, "Invalid latestClaimableIpfsHash");22 require(bytes(cycleIpfsHash).length > 0, "Invalid cycleIpfsHash");23
24 cycleHashes[index] = CycleHashTuple(latestClaimableIpfsHash, cycleIpfsHash);25
26 if (index >= latestCycleIndex) {27 latestCycleIndex = index;28 }29
30 emit CycleHashAdded(index, latestClaimableIpfsHash, cycleIpfsHash);31}
Recommendation:
We advise this to be prohibited by ensuring that the entry within cycleHashes[index]
is uninitialized out prior to assignment.
Alleviation:
A require
check was introduced ensuring that the cycle hash hasn't already been set thereby alleviating this exhibit.