Weird behavior upon a user setting/not setting a referrer
Whenever users create a trading account, they can set a referrer. We have the following 2 lines there (if we end up in the if check, we set a referrer):
We can see that the first condition of the if check is for the user to specify referralCode
. This, of course, makes sense as he can decide that he doesn't want to set a referrer. The second condition is for the user to not have a referrer already. We can also see that the line above fetches the data of the referral based on the msg.sender
. That means that if Bob created a trading account, set Alice as referrer, then created a second trading account and tried to set Alice as referrer, this would not work as even though this is a new trading account, the msg.sender
is still equal to Bob's address in both cases, thus the second condition in the if check would not pass.
Now, this can be exactly the idea of the developers (or possibly not, who knows). It makes sense that if Bob already had an account, he shouldn't be able to do so again on his second account as if he was referred by someone, he would have already put him as the referrer. However, let's imagine that Bob did not set a referrer the first time. Now, whenever he creates a second trading account, he will be able to set one as the data about the referral will be empty.
This creates the following scenario - if Bob was referred by someone and he set him as a referrer, he won't be able to set a referrer on his second trading account. However, if he didn't set someone as a referrer on his first account, he will be able to set a referrer on his second trading account. This shouldn't be the case as Bob is already a trader, he was not referred by anyone when he created his second trading account, thus even if he didn't actually set a referrer on his first account (due to the fact that no one actually referred him to the protocol or he simply decided not to), he shouldn't be able to set a referrer on his second account.
For example:
Bob finds out about the protocol on his own and he doesn't set anyone as referrer when creating his account
He then finds out that he can refer someone and decides to cheat the system by creating a second account and this time, setting a referrer
This will of course work and the checks would pass
The protocol should either allow all traders to set a new referrer no matter how many accounts they have and will create (if that is their idea) or should not allow a user who already has created an account, to set a referrer on his second account (most likely what the protocol should do based on what I believe was their idea).
Weird behavior upon a user setting/not setting a referrer
Manual Review
Whenever someone creates an account and doesn't set a referrer, still set him a special placeholder referrer that signalizes that he doesn't actually have a referrer. Next time he creates an account, do not allow him to set a referrer if he already has that placeholder as a referrer.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.