Tadle

Tadle
DeFiFoundry
27,750 USDC
View results
Submission Details
Severity: high
Valid

Lack of Access Control in SystemConfig::updateReferrerInfo Allows Unauthorized Referrer Modifications

Summary

The SystemConfig::updateReferrerInfo function can be called by anyone, which allows unauthorized users to modify referrer information. The function's access control should be more restrictive to prevent this.

Vulnerability Details

Within the SystemConfig::updateReferrerInfo function, there is no owner modifier or access control check, aside from the following:

if (_msgSender() == _referrer) {
revert InvalidReferrer(_referrer);
}

However, this check is insufficient because msg.sender is not used anywhere else in the function. The function relies only on the _referrer parameter for making changes to storage. This means an attacker can bypass the check by calling the function from a different wallet while passing in the desired _referrer value.

Impact

Unauthorized users can alter referrer information, leading to potential exploitation.

Tools Used

Manual review.

Recommendations

Implement stricter validation of msg.sender within the function to ensure that only authorized users can make changes.

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-SystemConfig-updateReferrerInfo-msgSender

Valid high severity. There are two impacts here due to the wrong setting of the `refferalInfoMap` mapping. 1. Wrong refferal info is always set, so the refferal will always be delegated to the refferer address instead of the caller 2. Anybody can arbitrarily change the referrer and referrer rate of any user, resulting in gaming of the refferal system I prefer #1500 description the most, be cause it seems to be the only issue although without a poc to fully describe all of the possible impacts

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.