The SystemConfig::updateReferrerInfo
function can be called by anyone, which allows unauthorized users to modify referrer information. The function's access control should be more restrictive to prevent this.
Within the SystemConfig::updateReferrerInfo
function, there is no owner modifier or access control check, aside from the following:
However, this check is insufficient because msg.sender
is not used anywhere else in the function. The function relies only on the _referrer
parameter for making changes to storage. This means an attacker can bypass the check by calling the function from a different wallet while passing in the desired _referrer
value.
Unauthorized users can alter referrer information, leading to potential exploitation.
Manual review.
Implement stricter validation of msg.sender
within the function to ensure that only authorized users can make changes.
Valid high severity. There are two impacts here due to the wrong setting of the `refferalInfoMap` mapping. 1. Wrong refferal info is always set, so the refferal will always be delegated to the refferer address instead of the caller 2. Anybody can arbitrarily change the referrer and referrer rate of any user, resulting in gaming of the refferal system I prefer #1500 description the most, be cause it seems to be the only issue although without a poc to fully describe all of the possible impacts
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.