Duplicate values of registry
Description
The contract's document-management system contains an error in its hash-removal process. When removing or updating a document hash, the function sets registeredHashes[existingHash] = false without verifying if other keys still reference that hash. This leads to isHashRegistered() incorrectly returning false for a hash that may still be associated with other keys in the documentHashes mapping.
In the following, we see the removal process:
else if (value == bytes32(0) && existingHash != bytes32(0)) {
documentHashes[key] = bytes32(0);
registeredHashes[existingHash] = false;
emit DocumentHashRemoved(key, existingHash);
}The issue occurs in the following scenario:
Two different keys point to the same hash value.
The hash value for one key is deleted or changed.
The contract incorrectly assumes the hash value is no longer present anywhere, even though it still exists for the other key.
Impact
This bug can lead to an inconsistent state in the contract, where a hash is still in use but reported as unregistered. This could potentially disrupt operations that rely on accurate hash-registration status.
Recommendations
We recommend enforcing uniqueness of hash values across all keys. This can be achieved by checking if the hash is already registered before adding a new one via the following in the function body:
require(!registeredHashes[value], "Hash already registered");