The contract allows users to self-refer using custom referral codes, which can lead to unfair offchain incentives and exploitation.
The root cause of the vulnerability is that the code at Line 260 only checks for address zero and does not prevent users from self-referring with a custom referral code (i.e. customReferral.referrer == msg.sender). Specifically, if a user creates a trading account with a custom referral code, the contract does not check whether the referrer is the same as the msg.sender.
Found in src/perpetuals/branches/TradingAccountBranch.sol at Line 260
Let us walk through the issue with the following scenario:
Alice creates a trading account and uses a custom referral code where she is the referrer.
The contract does not check if Alice is trying to refer herself.
As a result, Alice benefits from incentives that should have been restricted to external referrals only.
The vulnerability allows users to exploit the referral system by self-referring with custom referral codes, potentially leading to unfair incentives and rewards.
Manual Review
Patch the code by updating the condition to check if the custom referral code's referrer is either address(0) or the msg.sender.
Update line 260 from:
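An added example, not taken from the project's code: a minimal Solidity sketch that places the zero-address-only check described in this finding beside the recommended check. The contract, mappings, errors, event and function names are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch; every name here is an assumption, not the audited code.
contract ReferralSketch {
    error InvalidReferralCode();
    error SelfReferralNotAllowed();
    error CodeAlreadyTaken();

    event ReferralSet(address indexed user, address indexed referrer);

    // custom referral code => address that registered it
    mapping(string => address) public customReferrer;
    // user => referrer credited for that user
    mapping(address => address) public referrerOf;

    function registerCustomCode(string calldata code) external {
        if (customReferrer[code] != address(0)) revert CodeAlreadyTaken();
        customReferrer[code] = msg.sender;
    }

    // Weak form: only the zero address is rejected, so the owner of a code
    // can pass their own code and be recorded as their own referrer.
    function createAccountWeak(string calldata code) external {
        address referrer = customReferrer[code];
        if (referrer == address(0)) revert InvalidReferralCode();
        referrerOf[msg.sender] = referrer;
        emit ReferralSet(msg.sender, referrer);
    }

    // Hardened form: additionally reject a code whose referrer is the caller.
    function createAccount(string calldata code) external {
        address referrer = customReferrer[code];
        if (referrer == address(0)) revert InvalidReferralCode();
        if (referrer == msg.sender) revert SelfReferralNotAllowed();
        referrerOf[msg.sender] = referrer;
        emit ReferralSet(msg.sender, referrer);
    }
}
```

The added comparison only blocks the case where the referrer and the caller are the same address. A user who controls two addresses is not covered by it, so offchain incentive logic still needs its own eligibility checks.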