Insecure Implementation of quitTheGang Function in The Laundrette Contract
Summary
The quitTheGang function in The Laundrette contract is intended to allow gang members to exit the mafia. However, it is vulnerable to abuse by malicious gang members who can use it to forcibly remove other members from the mafia. This is due to the lack of a proper validation check to ensure that the account being removed is the same as the msg.sender.
Vulnerability Details
Function: quitTheGang
Issue: The function allows any gang member to specify an account to be removed without verifying that the specified account is the msg.sender.
Missing Check: The function should include a check to ensure that the account parameter is the same as the msg.sender.
Impact
Unauthorized Removal: Malicious gang members can remove other gang members without their consent, leading to potential disruption and loss of membership.
Trust Issues: The ability for unauthorized removal can lead to trust issues within the gang and compromise the integrity of the mafia's operations.
Proof of Concept
Godfather adds new gang members
gang member call the quitTheGang method and adds another gang member account
Proof of Code
Tools Used
Manual Review
Recommendations
Implement a Sender Check: Modify the quitTheGang function to include a check that ensures only the msg.sender can initiate their own removal.
Lead Judging Commences
Gang members ban other members
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.