Submission Details
Severity: medium
Valid

Improper Role Management in `laundrette::quitTheGang`

Summary

There is an improper role-management flaw in the laundrette::quitTheGang function: any gang member can remove any other member from the gang. The function should only allow a member to remove themselves.

Vulnerability Details

The laundrette::quitTheGang function currently permits any gang member to remove any other member from the gang, including the godfather. A single member can therefore strip the role from every other member, the godfather included. Because laundrette::addToTheGang carries an onlyRole("gangmember") modifier, a godfather who has been removed also loses the ability to add gang members back. The godfather should retain all rights and should not be removable by other members.

Impact

A gang member can remove all other gang members, including the godfather. This could result in a loss of control over the contract, as the godfather would no longer have the ability to manage gang members if removed.

Proof of concept: place the following test into laundrette.t.sol.

```solidity
function test_removeOtherGangMembers() public {
    address traitor = makeAddr("Sal Tessio");
    // The godfather adds the traitor to the gang
    joinGang(traitor);
    vm.prank(traitor);
    // The traitor revokes the godfather's gangmember role
    laundrette.quitTheGang(godFather);
    assertEq(kernel.hasRole(godFather, Role.wrap("gangmember")), false);
}
```
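As an added companion to the proof of concept above (not part of the original submission), the following Foundry test checks the fix proposed under Recommendations: once applied, quitTheGang() revokes only the caller's role and the godfather keeps control of membership. It assumes the fix is in place and reuses the same laundrette.t.sol fixtures as the test above (laundrette, kernel, godFather and the joinGang helper, which is assumed to keep working once addToTheGang is gated on an admin role held by the godfather).

```solidity
// Added regression test for the recommended fix; assumes quitTheGang() now
// takes no argument and revokes msg.sender, and that joinGang() still lets
// the godfather add members after the addToTheGang modifier change.
function test_quitTheGangOnlyRemovesCaller() public {
    address traitor = makeAddr("Sal Tessio");
    joinGang(traitor);
    assertTrue(kernel.hasRole(traitor, Role.wrap("gangmember")));

    // A member can only leave on their own behalf
    vm.prank(traitor);
    laundrette.quitTheGang();

    // The caller lost the role...
    assertFalse(kernel.hasRole(traitor, Role.wrap("gangmember")));
    // ...but the godfather is untouched and can still manage membership
    assertTrue(kernel.hasRole(godFather, Role.wrap("gangmember")));
    joinGang(traitor);
    assertTrue(kernel.hasRole(traitor, Role.wrap("gangmember")));
}
```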

Tools Used

Manual Review, Foundry

Recommendations

Modify the quitTheGang function to only allow a member to remove themselves:

- function quitTheGang(address account) external onlyRole("gangmember") {
+ function quitTheGang() external onlyRole("gangmember") {
- kernel.revokeRole(Role.wrap("gangmember"), account);
+ kernel.revokeRole(Role.wrap("gangmember"), msg.sender);
}
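Review bot: dropping the `account` parameter changes the external signature from `quitTheGang(address)` to `quitTheGang()`, so the proof-of-concept test above and any other caller or interface that passes an address will stop compiling and must be updated alongside this change. If the signature has to stay, the same restriction can be kept by validating the argument, e.g. `require(account == msg.sender);` ahead of `kernel.revokeRole(Role.wrap("gangmember"), msg.sender);`. Either way, add a test that a member's call revokes only their own role.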

Remove the onlyRole("gangmember") modifier from the laundrette::addToTheGang function to ensure the godfather retains the ability to add gang members:

- function addToTheGang(address account) external onlyRole("gangmember") {
+ function addToTheGang(address account) external onlyRole("admin") {
kernel.grantRole(Role.wrap("gangmember"), account);
}
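Review bot: the prose above says to remove the onlyRole("gangmember") modifier, but the hunk replaces it with `onlyRole("admin")`; the two should agree, and the diff form is the safer one, since an unguarded `addToTheGang(address account)` would let any caller grant the gangmember role. The hunk also assumes the kernel defines an "admin" role and that the godfather holds it; confirm that against the kernel's role setup, otherwise the existing joinGang helper in laundrette.t.sol will start reverting.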

Updates

Lead Judging Commences

n0kto (Lead Judge), about 1 year ago: Submission Judgement Published. Validated.
Assigned finding tags: Gang members ban other members
