A disputer loses their deposited dispute tokens if someone disputes the tree after them.
The Distributor.disputeTree function is used to dispute a Merkle tree. The function requires the caller to deposit disputeAmount of disputeToken; the caller address is stored in the disputer state variable.
When a dispute is resolved by the governor/guardian via a call to Distributor.resolveDispute, the deposited funds are returned to the disputer if the dispute is recognized as valid by the governor/guardian.
Since the Distributor.disputeTree function is not restricted (a tree can be disputed by anyone), it's likely that when an invalid/malicious tree is submitted, there will be multiple parties willing to dispute it (e.g. the distribution creator and some of the reward claimants). However, any subsequent call to disputeTree will override the disputer address, and thus the previous disputer won't be able to get their deposited tokens back after the resolution of the dispute.
Manual review
Consider this change:
diff --git a/contracts/Distributor.sol b/contracts/Distributor.sol
index bc4e49f..df56f5f 100644
--- a/contracts/Distributor.sol
+++ b/contracts/Distributor.sol
@@ -231,7 +231,8 @@ contract Distributor is UUPSHelper {
/// @notice Freezes the Merkle tree update until the dispute is resolved
/// @dev Requires a deposit of disputeToken that'll be slashed if the dispute is not accepted
/// @dev It is only possible to create a dispute for disputePeriod after each tree update
function disputeTree(string memory reason) external {
+ if (disputer != address(0)) revert UnresolvedDispute();
if (block.timestamp >= endOfDisputePeriod) revert InvalidDispute();
IERC20(disputeToken).safeTransferFrom(msg.sender, address(this), disputeAmount);
disputer = msg.sender;
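Review bot: the new guard at the top of disputeTree only works if disputer is set back to address(0) once a dispute is resolved, and nothing in this hunk shows that. Please confirm that resolveDispute clears disputer on both the accepted and the rejected path, otherwise the first dispute would make every later disputeTree call revert with UnresolvedDispute. The patch also needs a declaration for the UnresolvedDispute error, and the @dev comments above the function should say that a second dispute reverts while one is pending.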
Other
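The accounting described in this report, as an added Python model that is not part of the original issue or the project's code. It runs the two-disputer scenario with and without the proposed guard. DistributorModel, run_scenario, the addresses alice/bob and the amount 100 are constructed; the dispute-period check is left out, and clearing disputer inside resolve_dispute is an assumption.

```python
# Simplified model of the dispute accounting described in this report.
# Assumptions (not from Distributor.sol): balances are a plain dict, and
# resolve_dispute clears `disputer` once the dispute is resolved.

class UnresolvedDispute(Exception):
    """Mirrors the custom error used in the proposed patch."""


class DistributorModel:
    def __init__(self, dispute_amount, balances, patched=False):
        self.dispute_amount = dispute_amount
        self.balances = dict(balances)   # address -> disputeToken balance
        self.balances.setdefault("distributor", 0)
        self.disputer = None             # None stands in for address(0)
        self.patched = patched

    def dispute_tree(self, sender):
        if self.patched and self.disputer is not None:
            raise UnresolvedDispute(sender)
        if self.balances[sender] < self.dispute_amount:
            raise ValueError("insufficient balance")
        # safeTransferFrom(msg.sender, address(this), disputeAmount)
        self.balances[sender] -= self.dispute_amount
        self.balances["distributor"] += self.dispute_amount
        self.disputer = sender           # overwrites any earlier disputer

    def resolve_dispute(self, valid):
        if self.disputer is None:
            raise ValueError("no dispute to resolve")
        if valid:
            # Only one deposit is returned, to whoever is stored in `disputer`
            self.balances["distributor"] -= self.dispute_amount
            self.balances[self.disputer] += self.dispute_amount
        self.disputer = None             # assumed reset (see note above)


def run_scenario(patched):
    """alice then bob dispute the same tree; the dispute is ruled valid."""
    model = DistributorModel(100, {"alice": 100, "bob": 100}, patched)
    model.dispute_tree("alice")
    try:
        model.dispute_tree("bob")
        second_rejected = False
    except UnresolvedDispute:
        second_rejected = True
    model.resolve_dispute(valid=True)
    return model.balances, second_rejected
```

Without the guard, alice's deposit stays in the contract even though the dispute was upheld; with it, bob's call is rejected before any transfer and alice is refunded.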