First Flight #16: Mafia Takedown

First Flight #16

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Gang Member role not assigned to GodFather during deployment

josh4324

Summary

The deployment script includes a critical flaw because the godFather was not assigned the gang member role, the godFather is expected to add new gang members. However, the addToTheGang function requires the user calling the function to be the godFather and have a gangMember role. This issue can render the contract unusable because the godFather cannot add new gang members without first being assigned the gangMember role. There is no godFather without gang member.

Vulnerability Details

The godFather is the user meant to oversee and manage the addition of new gang members. During deployment, gang member role is not granted to the godFather, but the Laundrette contract’s function addToTheGang requires the caller to be the godFather and have a gangMember role to add new members. This requirement is logically flawed because it prevents the godFather from performing their primary function without already having a role that only they can assign.

Vulnerability Details:
Location: addToTheGang function

Issue: The addToTheGang function checks if the caller has both godFather and gangMember roles. Since the godFather role is not granted the gangMember role, the godFather cannot fulfill their role of adding new gang members.

Type: Logical flaw in role assignment and access control

function deploy() public returns (Kernel, IERC20, CrimeMoney, WeaponShelf, MoneyShelf, Laundrette) {

godFather = msg.sender;

// Deploy USDC mock

HelperConfig helperConfig = new HelperConfig();

IERC20 usdc = IERC20(helperConfig.getActiveNetworkConfig().usdc);

Kernel kernel = new Kernel();

CrimeMoney crimeMoney = new CrimeMoney(kernel);

WeaponShelf weaponShelf = new WeaponShelf(kernel);

MoneyShelf moneyShelf = new MoneyShelf(kernel, usdc, crimeMoney);

Laundrette laundrette = new Laundrette(kernel);

kernel.grantRole(Role.wrap("moneyshelf"), address(moneyShelf));

kernel.executeAction(Actions.InstallModule, address(weaponShelf));

kernel.executeAction(Actions.InstallModule, address(moneyShelf));

kernel.executeAction(Actions.ActivatePolicy, address(laundrette));

kernel.executeAction(Actions.ChangeAdmin, address(laundrette));

kernel.executeAction(Actions.ChangeExecutor, godFather);

return (kernel, usdc, crimeMoney, weaponShelf, moneyShelf, laundrette);

}

Impact

This vulnerability can lead to the following issues:

Functionality Lockout: The godFather cannot add new gang members, effectively preventing the use of the contract for its intended purpose.

Operational Halt: Without the ability to add new members, the contract’s operation comes to a standstill, impacting all potential functionalities relying on the addition of gang members.

Proof of Concept

The deployment script is deployed by owner, and it does not assign a gang member role to the godfather
The god father tries to add a gang member and the function reverted

Proof of Code

function test_addGang() public {

address add1 = makeAddr("add1");

address add2 = makeAddr("add2");

vm.prank(godFather);

vm.expectRevert();

laundrette.addToTheGang(add1);

}

Tools Used

Manual Review

Recommendations

Recommendations:
Initial Role Assignment:

Ensure that during deployment, the godFather is granted the gangMember role.
Alternatively, remove the requirement for the godFather to have the gangMember role in the addToTheGang function.

function deploy() public returns (Kernel, IERC20, CrimeMoney, WeaponShelf, MoneyShelf, Laundrette) {

godFather = msg.sender;

// Deploy USDC mock

HelperConfig helperConfig = new HelperConfig();

IERC20 usdc = IERC20(helperConfig.getActiveNetworkConfig().usdc);

Kernel kernel = new Kernel();

CrimeMoney crimeMoney = new CrimeMoney(kernel);

WeaponShelf weaponShelf = new WeaponShelf(kernel);

MoneyShelf moneyShelf = new MoneyShelf(kernel, usdc, crimeMoney);

Laundrette laundrette = new Laundrette(kernel);

kernel.grantRole(Role.wrap("moneyshelf"), address(moneyShelf));

+ kernel.grantRole(Role.wrap("gangmember"), godFather);

kernel.executeAction(Actions.InstallModule, address(weaponShelf));

kernel.executeAction(Actions.InstallModule, address(moneyShelf));

kernel.executeAction(Actions.ActivatePolicy, address(laundrette));

kernel.executeAction(Actions.ChangeAdmin, address(laundrette));

kernel.executeAction(Actions.ChangeExecutor, godFather);

return (kernel, usdc, crimeMoney, weaponShelf, moneyShelf, laundrette);

}

Test the add gang menber function again, it will pass now.

function test_addGang() public {

address add1 = makeAddr("add1");

address add2 = makeAddr("add2");

vm.prank(godFather);

laundrette.addToTheGang(add1);

}

Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

GodFather is not a gang member

Rewards breakdown

nSLOC

205

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.