Submission Details
Severity: medium
Valid

Unauthorized Removal of Gang Members

Summary

A vulnerability was found in the quitTheGang function of the Laundrette smart contract. This function allows any gang member to remove any other gang member, which can lead to unauthorized removals and misuse.

Vulnerability Details

The quitTheGang function is intended to allow a gang member to remove themselves from the gang. However, the current implementation allows any gang member to remove any other gang member, not just themselves. Here is the relevant portion of the code:

function quitTheGang(address account) external onlyRole("gangmember") {
    kernel.revokeRole(Role.wrap("gangmember"), account);
}

The account parameter specifies which gang member to remove, and the function allows the caller to specify any account, not just their own. This can lead to situations where malicious gang members remove others without consent.

Impact

The main impacts of this vulnerability are:

  1. Unauthorized Removals: Any gang member can remove any other gang member without their consent, leading to potential misuse and disruption within the organization.

  2. Loss of Trust: The ability for gang members to remove each other arbitrarily can lead to mistrust and instability within the gang.

  3. Operational Disruptions: Critical members could be removed by malicious actors, leading to potential operational disruptions and loss of control.

Tools Used

Manual code review

Recommendations

To resolve this vulnerability, the function should be modified to only allow the caller to remove themselves from the gang. The corrected implementation should use msg.sender instead of an arbitrary account parameter:

  1. Restrict Removal to Caller: Ensure that only the caller (msg.sender) can remove themselves from the gang.

The corrected quitTheGang function should be:

function quitTheGang() external onlyRole("gangmember") {
    kernel.revokeRole(Role.wrap("gangmember"), msg.sender);
}

By implementing this change, the function will only allow gang members to remove themselves, preventing unauthorized removals of other gang members.
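The following Foundry test contrasts the original signature with the recommended one. It is an added example written for this page, not code from the Laundrette project or the Kernel framework it uses: MockKernel, GangPolicy, the onlyRole modifier body, the two policy contracts and the revert string are all constructed stand-ins (assumptions) for the real Kernel/Role machinery, and the test relies only on forge-std cheatcodes (vm.prank, vm.expectRevert, makeAddr). The first test shows a member removing a different member through the original function; the second shows that the msg.sender-based version can only ever revoke the caller's own role.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the framework's Role user-defined value type (assumption).
type Role is bytes32;

bytes32 constant GANG_MEMBER = "gangmember";

// Constructed minimal kernel that only tracks role membership (assumption, not the real Kernel).
contract MockKernel {
    mapping(bytes32 => mapping(address => bool)) private roles;

    function grantRole(Role role, address account) external {
        roles[Role.unwrap(role)][account] = true;
    }

    function revokeRole(Role role, address account) external {
        roles[Role.unwrap(role)][account] = false;
    }

    function hasRole(Role role, address account) external view returns (bool) {
        return roles[Role.unwrap(role)][account];
    }
}

// Shared base with an onlyRole modifier that asks the kernel whether msg.sender holds the role.
abstract contract GangPolicy {
    MockKernel public immutable kernel;

    constructor(MockKernel kernel_) {
        kernel = kernel_;
    }

    modifier onlyRole(bytes32 role) {
        require(kernel.hasRole(Role.wrap(role), msg.sender), "policy: not authorized");
        _;
    }
}

// Shape of the function as reported: the caller chooses which member gets revoked.
contract LaundretteVulnerable is GangPolicy {
    constructor(MockKernel kernel_) GangPolicy(kernel_) {}

    function quitTheGang(address account) external onlyRole("gangmember") {
        kernel.revokeRole(Role.wrap("gangmember"), account);
    }
}

// Recommended shape: the only address that can be revoked is msg.sender.
contract LaundretteFixed is GangPolicy {
    constructor(MockKernel kernel_) GangPolicy(kernel_) {}

    function quitTheGang() external onlyRole("gangmember") {
        kernel.revokeRole(Role.wrap("gangmember"), msg.sender);
    }
}

contract QuitTheGangTest is Test {
    MockKernel internal kernel;
    LaundretteVulnerable internal vulnerable;
    LaundretteFixed internal fixedPolicy;
    address internal alice = makeAddr("alice");
    address internal bob = makeAddr("bob");

    function setUp() public {
        kernel = new MockKernel();
        vulnerable = new LaundretteVulnerable(kernel);
        fixedPolicy = new LaundretteFixed(kernel);
        kernel.grantRole(Role.wrap(GANG_MEMBER), alice);
        kernel.grantRole(Role.wrap(GANG_MEMBER), bob);
    }

    // Original signature: alice, a member, strips bob's role and keeps her own.
    function test_original_memberCanRemoveAnotherMember() public {
        vm.prank(alice);
        vulnerable.quitTheGang(bob);
        assertFalse(kernel.hasRole(Role.wrap(GANG_MEMBER), bob));
        assertTrue(kernel.hasRole(Role.wrap(GANG_MEMBER), alice));
    }

    // Recommended signature: the call can only affect the caller; bob is untouched.
    function test_fixed_onlyCallerIsRemoved() public {
        vm.prank(alice);
        fixedPolicy.quitTheGang();
        assertFalse(kernel.hasRole(Role.wrap(GANG_MEMBER), alice));
        assertTrue(kernel.hasRole(Role.wrap(GANG_MEMBER), bob));
    }

    // The modifier still rejects callers who never held the role.
    function test_fixed_nonMemberCannotQuit() public {
        address outsider = makeAddr("outsider");
        vm.prank(outsider);
        vm.expectRevert(bytes("policy: not authorized"));
        fixedPolicy.quitTheGang();
    }
}
```

Run with `forge test --match-contract QuitTheGangTest`. The third test is worth keeping after the fix: because onlyRole already guarantees that msg.sender holds the role, revoking msg.sender always targets a current member and there is no path by which an outsider or a former member can trigger a revocation.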

This modification ensures that the quitTheGang function maintains its intended purpose of self-removal and prevents misuse by restricting the action to the caller.

Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Gang members ban other members
