Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

User can set `isCustomReferralCode=false` while using `CustomReferralCode`

AllTooWell

Summary

User can set isCustomReferralCode=false while using CustomReferralCode.

Vulnerability Details

Owner can create CustomReferralCode. Normally when user use CustomReferralCode, isCustomReferralCode is set to true. However malicious users can set it to false.

function createTradingAccount(

bytes memory referralCode,

@> bool isCustomReferralCode

)

public

virtual

returns (uint128 tradingAccountId)

{

...............

Referral.Data storage referral = Referral.load(msg.sender);

if (referralCode.length != 0 && referral.referralCode.length == 0) {

@> if (isCustomReferralCode) {

CustomReferralConfiguration.Data storage customReferral =

CustomReferralConfiguration.load(string(referralCode)); //

if (customReferral.referrer == address(0)) {

revert Errors.InvalidReferralCode();

}

referral.referralCode = referralCode;

referral.isCustomReferralCode = true;

@> } else {

address referrer = abi.decode(referralCode, (address));

if (referrer == msg.sender) {

revert Errors.InvalidReferralCode();

}

referral.referralCode = referralCode;

@> referral.isCustomReferralCode = false;

}

emit LogReferralSet(msg.sender, referral.getReferrerAddress(), referralCode, isCustomReferralCode);

}

If a user creates a trading account via createTradingAccount using a custom referral code (referralCode/customReferralCode) generated by the Owner, and sets isCustomReferralCode to false, this will lead to an incorrect condition evaluation (falling into the else branch), resulting in erroneous business logic execution (setting isCustomReferralCode to false).

Impact

This issue causes the custom referral codes (referralCode/customReferralCode) created by the Owner to be incorrectly set as isCustomReferralCode=false, indicating that they are not custom referral codes. This leads to erroneous behavior and does not align with business logic.
This can also cause confusion for other users. For example, when User A is aware that "xxxx" is a custom referral code, and they use getUserReferralData() to query the referral data, incorrect information is returned. In this case, it would return referral.isCustomReferralCode = false. This indicates that the custom referral code is not actually a custom code, creating a contradiction.

Tools Used

manual

Recommendations

Set custom referral code and non-custom referral code with different length. To judge whether it is custom or non-custom based on length.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!