God Father is not granted the gang member role in Deploy Scripts will cause DoS for them to certain functions in `Laundrette`
Summary
The certain functions in Laundrette which can be called by God Father also has a gangmember check on them which makes it mandatory for the God Father to also be a gangmember role.
But as the God Father is not granted the gangmember role in Deploy Script it will lead to DoS for God Father to certain functions, as God Father cannot be made gangmember after running the Deploy scripts.
Vulnerability Details
The vulnerability arises due to the fact that God Father is also required to be a
gangmember, but is not granted a role in the Deploy Scripts, and cannot be later added as gang member because only the admin role can do that and this role is given toLaundretteandLaundrettehasaddToTheGangfunction which has a condition for the caller to be both God Father and gangmember.As a result of which God Father will face DoS in certain functions.
Impact
God Father faces DoS in Laundrette contract to functions such as withdrawMoney, addToTheGang, takeGuns.
Tools Used
Manual Review
Recommendations
Make the God Father the gangmember via the Deploy Scripts Deployer.s.sol
Add the below line just next to line 39
Lead Judging Commences
GodFather is not a gang member
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.