Severity: medium
Invalid

M-01. Weapons remain assigned if member leaves

Summary

Weapons remain assigned after a member leaves, which leaves the contract holding inappropriate state.

Vulnerability Details

The function Laundrette::quitTheGang does not reset to 0 the weapons assigned to the departing member, which are held in WeaponShelf::bank.
As a result, the contract ends up in a state where weapons are still assigned to a member who has left.
The WeaponShelf contract is meant to hold weapons only for users who are in the gang, so not resetting the assigned weapons to 0 breaks this functionality.

Impact

The contract holds wrong state: weapons assigned to members who have already left. Leaving weapons with past members might be dangerous.

Tools Used

Manual Review

Recommendations

In Laundrette::quitTheGang, reset to zero the weapons assigned to the member who left.

function quitTheGang(address account) external onlyRole("gangmember") {
+ weaponShelf.withdraw(account, weaponShelf.getAccountAmount(account));
+
kernel.revokeRole(Role.wrap("gangmember"), account);
}
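
Review bot: The added withdraw on the first `+` line acts on the `account` argument rather than on the caller, and nothing in this function ties the two together. If `onlyRole("gangmember")` only checks the caller, any gang member could now empty another member's shelf balance in addition to revoking their role, so consider requiring `account == msg.sender` or documenting who may remove whom. It is also worth confirming that `withdraw` accepts an amount of 0, since otherwise a member with no assigned weapons could no longer quit, and flipping the PoC assertion to expect 0 once the fix is applied.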

Proof Of Concept

  1. Add the following method to LaundretteTest:

    function test_memberLeavesButWeaponsRemainsAssigned() public {
        vm.prank(godFather);
        address user = makeAddr("user");
        joinGang(user);

        // The godfather assigns 5 weapons to the new member.
        uint256 weaponsToAssign = 5;
        vm.prank(godFather);
        laundrette.putGunsInTheSuspendedCeiling(user, weaponsToAssign);

        // The member leaves the gang.
        vm.prank(user);
        laundrette.quitTheGang(user);

        // The shelf still reports the full amount for the departed member.
        assertEq(weaponShelf.getAccountAmount(user), weaponsToAssign);
    }

  2. Run this command: forge test --mt test_memberLeavesButWeaponsRemainsAssigned

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
