DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Invalid

Unsafe Type Casting in Referral Code Handling

Summary

Directly casting bytes to string could lead to misattributed referrals or to valid custom referral codes not being recognized.

Vulnerability Details

The createTradingAccount function accepts a bytes memory referralCode parameter, which is then directly cast to a string when calling CustomReferralConfiguration.load(string(referralCode)).

function createTradingAccount(
    bytes memory referralCode,
    bool isCustomReferralCode
)
    public
    virtual
    returns (uint128 tradingAccountId)
{
    ....snip....
    if (referralCode.length != 0 && referral.referralCode.length == 0) {
        if (isCustomReferralCode) {
@>          CustomReferralConfiguration.Data storage customReferral =
                CustomReferralConfiguration.load(string(referralCode));
            if (customReferral.referrer == address(0)) {
                revert Errors.InvalidReferralCode();
            }
            referral.referralCode = referralCode;
            referral.isCustomReferralCode = true;
    ....snip....

Converting bytes to a string requires the bytes to be valid UTF-8. Even when the bytes are valid UTF-8, they might not represent the intended string, and misinterpreting them as a string can lead to incorrect referral code processing.
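To make the behaviour of the two conversions concrete, the following is an added Solidity example (not Zaros project code) contrasting the direct cast used in createTradingAccount with the abi.decode call proposed under Recommendations; ReferralRegistry and its functions are hypothetical stand-ins for CustomReferralConfiguration.load.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Zaros project code. ReferralRegistry and its
// functions are hypothetical stand-ins for CustomReferralConfiguration.load.
contract ReferralRegistry {
    // Referrer address keyed by the keccak256 hash of the referral code string.
    mapping(bytes32 => address) private referrerOf;

    function register(string memory code, address referrer) external {
        referrerOf[keccak256(bytes(code))] = referrer;
    }

    // Path used by createTradingAccount today: string(referralCode) is a
    // reinterpreting type conversion. The byte content is left untouched and
    // the compiler performs no UTF-8 or other validation on it.
    function lookupDirect(bytes memory referralCode) external view returns (address) {
        string memory code = string(referralCode);
        return referrerOf[keccak256(bytes(code))];
    }

    // Path proposed in the Recommendations: abi.decode parses referralCode as
    // an ABI-encoded string (32-byte offset word, 32-byte length word, then
    // the padded data). Raw code bytes such as bytes("ALICE") do not have that
    // layout, so the decoder reverts; a caller must send abi.encode("ALICE").
    function lookupDecoded(bytes memory referralCode) external view returns (address) {
        string memory code = abi.decode(referralCode, (string));
        return referrerOf[keccak256(bytes(code))];
    }

    // True whenever string(b) carries exactly the same bytes as b, which is
    // always the case: the direct cast never alters or re-encodes content.
    function directCastPreservesBytes(bytes memory b) external pure returns (bool) {
        return keccak256(bytes(string(b))) == keccak256(b);
    }

    // The byte layout a caller would have to send to lookupDecoded for a code.
    function encodeForDecoded(string memory code) external pure returns (bytes memory) {
        return abi.encode(code);
    }
}
```

The practical consequence is that the two functions expect different input formats for the same referral code, so any change from the direct cast to abi.decode must be matched by every caller that builds the referralCode bytes.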

Impact

If the bytes data in referralCode is misinterpreted as a string, it could result in misattributed referrals or failure to recognize valid custom referral codes.

Tools Used

Manual Review

Recommendations

Use abi.decode to safely convert the bytes to a string:

if (isCustomReferralCode) {
+ string memory referralCodeStr = abi.decode(referralCode, (string));
- CustomReferralConfiguration.Data storage customReferral =
- CustomReferralConfiguration.load(string (referralCode));
+ CustomReferralConfiguration.Data storage customReferral =
+ CustomReferralConfiguration.load(referralCodeStr);
if (customReferral.referrer == address(0)) {
revert Errors.InvalidReferralCode();
}
referral.referralCode = referralCode;
referral.isCustomReferralCode = true;
}
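Review bot: the `+ string memory referralCodeStr = abi.decode(referralCode, (string));` line changes the accepted input format, not just the conversion: abi.decode requires `referralCode` to be an ABI-encoded string (offset word, length word, padded data), whereas the removed `string (referralCode)` line accepts the raw code bytes as they are, so any caller still passing raw bytes reverts inside the decoder rather than reaching the `Errors.InvalidReferralCode()` check. The unchanged `referral.referralCode = referralCode;` line then stores the ABI-encoded form while the lookup used the decoded form, so the stored value and the key used for `CustomReferralConfiguration.load` no longer match. Suggest documenting the expected encoding of `referralCode` at the function boundary, updating the stored value to the decoded string (or its bytes) if decoding is kept, and noting in the recommendation that `string(referralCode)` performs no validation of its own, so the change does not add a check unless one is written explicitly.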
Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
