First Flight #16: Mafia Takedown

First Flight #16

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Gangmembers can remove other gangmembers

mattjenkins

Summary

Gangmembers have the ability to remove other gangmembers from the gang, even the GodFather. This should be the right of the GodFather only.

Vulnerability Details

A missing modifier on the quitTheGang function allows other mischievous gangmembers to boot their fellow criminals out of the gang and not able to get their USDC back unless they can convince the GodFather to waste even more of his/her precious time on this blockchain nonsense.

If a gangmember is really brave, they can remove the GodFather from the gang and cause even more illicit misery.

To resolve, there is code below that the GodFather would need to perform to re-instate themselves as a gangmember and reassert authority and give themselves time to go find a sharp knife.

Impact

Inconvenience and the threat of lost digits for gang-members and a waste of effort, time and blood-pressure tablets for the GodFather.

Tools Used

forge test to prove this out. Most of the actions in this test shouldn't really happen!

function test_leavingGang() public {

// Low level adding of godfather to the gang group

vm.prank(kernel.admin());

kernel.grantRole(Role.wrap("gangmember"), godFather);

// Can we add godfather, and then remove him and then have a gangmember remove the godfather and bugger all future adds unless done direct in kernel.

vm.prank(godFather);

laundrette.addToTheGang(gangmember1);

// only godfather (gangmember) can add

vm.prank(gangmember1);

vm.expectRevert();

laundrette.addToTheGang(gangmember2);

vm.prank(godFather);

laundrette.addToTheGang(gangmember2);

// but they can remove gangmembers

vm.prank(gangmember1);

laundrette.quitTheGang(gangmember2);

vm.prank(gangmember1);

laundrette.quitTheGang(godFather);

vm.prank(godFather);

vm.expectRevert();

laundrette.addToTheGang(gangmember2);

vm.startPrank(godFather);

kernel.executeAction(Actions.ChangeAdmin, godFather);

kernel.grantRole(Role.wrap("gangmember"), godFather);

kernel.executeAction(Actions.ChangeAdmin, address(laundrette));

vm.stopPrank();

vm.prank(godFather);

laundrette.addToTheGang(gangmember2);

}

Recommendations

Add the right modifier to the quitTheGang function :

- function quitTheGang(address account) external onlyRole("gangmember") {

+ function quitTheGang(address account) external onlyRole("gangmember") isGodFather {

Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Gang members ban other members

Rewards breakdown

nSLOC

205

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.