Submission Details
Severity: medium
Valid

Any gang member can force the godFather to quit the gang, resulting in a DoS until the godFather rejoins the gang.

Description
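A gang member can remove the godFather from the gang by calling Laundrette::quitTheGang with the godFather's address. The function accepts an arbitrary account and only checks that the caller holds the gangmember role: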

    function quitTheGang(address account) external onlyRole("gangmember") {
        kernel.revokeRole(Role.wrap("gangmember"), account);
    }

Once removed, the godFather cannot call Laundrette::addToTheGang to restore the role, because that function also requires the caller to be a gang member:

    function addToTheGang(address account) external onlyRole("gangmember") isGodFather {
        kernel.grantRole(Role.wrap("gangmember"), account);
    }

Impact
This can cause confusion and disruption to the gang's operations, as the godFather is unable to perform any action that requires the gangmember role. The role can be reinstated by using the kernel module directly to add it.

Recommended mitigation

  • Add a check to prevent gang members from calling this with other gang members' accounts, or

  • Permit only the godFather to call Laundrette::quitTheGang. If this is the preferred option, consider refactoring to provide a specific GodFather Policy to keep separation of concerns clean; alternatively, simply add the isGodFather modifier.
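The following is an added example, not code from the audited project: a self-contained model that places the vulnerable shape of quitTheGang beside a hardened one combining both mitigations (members may remove only themselves, the godFather may remove anyone). The contract name LaundretteModel, the isGangMember mapping standing in for kernel role storage, the fixed godFather address and the error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: a simplified model of the role logic, not the audited Laundrette or Kernel.
contract LaundretteModel {
    address public immutable godFather;            // assumption: fixed at deployment
    mapping(address => bool) public isGangMember;  // stands in for kernel role storage

    error NotGangMember();
    error NotTheGodFather();
    error CannotRemoveOthers();

    constructor() {
        godFather = msg.sender;
        isGangMember[msg.sender] = true;
    }

    modifier onlyGangMember() {
        if (!isGangMember[msg.sender]) revert NotGangMember();
        _;
    }

    modifier isGodFather() {
        if (msg.sender != godFather) revert NotTheGodFather();
        _;
    }

    // Same gating as in the finding: the caller must hold the role AND be the godFather.
    function addToTheGang(address account) external onlyGangMember isGodFather {
        isGangMember[account] = true;
    }

    // Vulnerable shape: any member can revoke any account, including the godFather,
    // who then fails onlyGangMember and can no longer call addToTheGang.
    function quitTheGangVulnerable(address account) external onlyGangMember {
        isGangMember[account] = false;
    }

    // Hardened: a member may only remove itself; the godFather may remove anyone.
    function quitTheGang(address account) external onlyGangMember {
        if (account != msg.sender && msg.sender != godFather) revert CannotRemoveOthers();
        isGangMember[account] = false;
    }
}
```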

Tools Used

  • Manual review

  • Unit Test

Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Gang members ban other members
