Tadle

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/SystemConfig.sol#L41-L80

Summary

The updateReferrerInfo function in the SystemConfig contract lacks proper access control, allowing any external user to call the function and alter the referral settings, including rates for referrers and authorities. This vulnerability could be exploited by malicious actors to manipulate referral data.

Vulnerability Details

The function is marked as external, meaning it is accessible by any user or contract interacting with it. The only condition checked is whether the _msgSender() is the same as _referrer, which only prevents the referrer from updating their own information but does not restrict other users from doing so. The absence of a restrictive modifier like onlyOwner or a dedicated access control mechanism allows unauthorized users to update referral information.

Impact

Malicious users can arbitrarily change referral rates, increasing their gains or negatively impacting other users' earnings. Such vulnerabilities can harm the platform's reputation by undermining user trust in the referral system's fairness and security.

Tools Used

Manual review

Recommendations

Use the onlyOwner modifier from OpenZeppelin's Ownable library to restrict access to the function, ensuring only the contract owner or a designated authority can update referral information or introduce additional checks to verify the legitimacy of the caller, such as a whitelist or specific administrative verification process, ensuring that only trusted entities can update sensitive referral settings.