[L-03] Revocation State Inconsistency in CertifierHbbft Contract

[softstackio]

Likelihood: Medium

Description:
The revoke function in the CertifierHbbft contract does not check if the address was previously certified before revoking its certification. This can lead to inconsistent state tracking and potentially misleading event emissions. The function unconditionally sets the certification status to false and emits a Revoked event, even if the address was not certified to begin with.

The vulnerable code is:

function revoke(address _who) external onlyOwner {
   _certified[_who] = false;
   emit Revoked(_who);
}

This implementation could result in:

1. Unnecessary state changes if an uncertified address is revoked.
2. Emission of Revoked events for addresses that were never certified.
3. Inconsistent tracking of certification history.

Recommendation:
Modify the revoke function to check the current certification status before making changes:

function revoke(address _who) external onlyOwner {
   if (_certified[_who]) {
       _certified[_who] = false;
       emit Revoked(_who);
} }

This change ensures that:

1. The state is only modified if the address was previously certified.
2. The Revoked event is only emitted for actually revoked certifications.
3. The function maintains a consistent certification history.