Submission Details
Severity: medium
Valid

Unauthorized role revocation in `Laundrette::quitTheGang` allows any gang member to remove others from the gang

Summary

Laundrette::quitTheGang allows any gang member to revoke the gangmember role from any other member. This can lead to unauthorized removals of gang members, disrupting the functionality and security of the protocol.

Vulnerability Details

Laundrette::quitTheGang is intended to allow gang members to remove themselves from the gang. However, the current implementation allows any gang member to call this function and specify an arbitrary account to revoke the gangmember role from. The relevant code is as follows:

function quitTheGang(address account) external onlyRole("gangmember") {
    // @> the caller supplies any address; nothing ties `account` to msg.sender
    kernel.revokeRole(Role.wrap("gangmember"), account);
}
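A Foundry test that reproduces the finding next to the recommended fix, added here as an example; it is not part of the submission or of the audited codebase. The protocol's Kernel is replaced by a minimal mock (an assumption: only the role bookkeeping that quitTheGang touches is modelled), and the two Laundrette variants follow the code above and the fix below.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Assumption: the protocol's Kernel is reduced to the role bookkeeping that
// quitTheGang touches; access control on the kernel itself is not modelled.
type Role is bytes32;
contract MockKernel {
    mapping(address => mapping(bytes32 => bool)) public hasRole;
    function grantRole(Role r, address a) external { hasRole[a][Role.unwrap(r)] = true; }
    function revokeRole(Role r, address a) external { hasRole[a][Role.unwrap(r)] = false; }
}
contract VulnerableLaundrette { // as reported: the caller chooses whose role is revoked
    MockKernel kernel;
    constructor(MockKernel k) { kernel = k; }
    modifier onlyRole(bytes32 r) { require(kernel.hasRole(msg.sender, r), "not a member"); _; }
    function quitTheGang(address account) external onlyRole("gangmember") {
        kernel.revokeRole(Role.wrap("gangmember"), account);
    }
}
contract FixedLaundrette { // as recommended: only the caller's own role can be revoked
    MockKernel kernel;
    constructor(MockKernel k) { kernel = k; }
    modifier onlyRole(bytes32 r) { require(kernel.hasRole(msg.sender, r), "not a member"); _; }
    function quitTheGang() external onlyRole("gangmember") {
        kernel.revokeRole(Role.wrap("gangmember"), msg.sender);
    }
}
contract QuitTheGangTest is Test {
    bytes32 constant GANG = "gangmember";
    MockKernel kernel = new MockKernel();
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");
    function setUp() public { // both accounts start as gang members
        kernel.grantRole(Role.wrap(GANG), alice);
        kernel.grantRole(Role.wrap(GANG), bob);
    }
    function test_vulnerable_memberCanRevokeAnotherMember() public {
        VulnerableLaundrette l = new VulnerableLaundrette(kernel);
        vm.prank(alice);
        l.quitTheGang(bob); // alice strips bob of the role without his consent
        assertFalse(kernel.hasRole(bob, GANG));
    }
    function test_fixed_onlyCallerIsRevoked() public {
        FixedLaundrette l = new FixedLaundrette(kernel);
        vm.prank(alice);
        l.quitTheGang();
        assertFalse(kernel.hasRole(alice, GANG));
        assertTrue(kernel.hasRole(bob, GANG)); // bob keeps his role
    }
}
```

Run with `forge test --match-contract QuitTheGangTest`; the first test documents the bug, the second shows the recommended version only affects the caller.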

Impact

This vulnerability allows any gang member to revoke the gangmember role from other members without their consent. This disrupts normal operation of the protocol: a single gang member can repeatedly revoke other members' roles and lock them out of every function gated by onlyRole("gangmember").

Tools Used

Manual code review

Recommendations

Laundrette::quitTheGang should be modified to ensure that gang members can only remove their own role. This can be done by restricting the account parameter to msg.sender. Here is the updated implementation:

-function quitTheGang(address account) external onlyRole("gangmember") {
+function quitTheGang() external onlyRole("gangmember") {
- kernel.revokeRole(Role.wrap("gangmember"), account);
+ kernel.revokeRole(Role.wrap("gangmember"), msg.sender);
}
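Review bot: dropping the `account` parameter changes the external signature of `quitTheGang`, so every interface, script or test that calls `quitTheGang(address)` must be updated in the same change or it will no longer compile. If the signature has to be preserved, keeping the parameter and adding `require(account == msg.sender);` before `kernel.revokeRole(Role.wrap("gangmember"), msg.sender);` gives the same restriction. In either form, add a test asserting that a member cannot remove another member's role.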
Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Gang members ban other members
