Tadle

DeFi
30,000 USDC
Submission Details
Severity: medium
Invalid

Lack of Input Validation on Referral Rate and Total Rate in SystemConfig.sol

Summary

In the updateReferrerInfo function, the contract expects the total of _referrerRate and _authorityRate to be equal to baseReferralRate + referralExtraRate. It checks this condition and reverts if it is not met.

Vulnerability Details

However, no explicit check ensures that _referrerRate and _authorityRate individually stay within the unit measure for rates, Constants.REFERRAL_RATE_DECIMAL_SCALER. Passing values larger than expected can therefore lead to errors or unexpected behaviour.

In the updateReferrerInfo function:

    function updateReferrerInfo(address _referrer, uint256 _referrerRate, uint256 _authorityRate) external {
        // Validation and other code omitted
        uint256 referralExtraRate = referralExtraRateMap[_referrer];
        uint256 totalRate = baseReferralRate + referralExtraRate;
        if (totalRate > Constants.REFERRAL_RATE_DECIMAL_SCALER) {
            revert InvalidTotalRate(totalRate);
        }
        // ...
    }

Impact

The updateReferrerInfo function could revert with an error.

Tools Used

Manual Review

Recommendations

I recommend adding checks to validate that _referrerRate and _authorityRate do not exceed Constants.REFERRAL_RATE_DECIMAL_SCALER. This will ensure the consistency of the smart contract and make it more robust against faulty or malicious inputs. Such a check can be introduced as follows:

    if (_referrerRate > Constants.REFERRAL_RATE_DECIMAL_SCALER || _authorityRate > Constants.REFERRAL_RATE_DECIMAL_SCALER) {
        revert InvalidRateValues(_referrerRate, _authorityRate);
    }
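As an added illustration (not Tadle's code), the recommended bound check placed in a stand-alone, simplified version of the function together with a Foundry test that confirms an oversized component reverts. The scaler value (1e18), the baseReferralRate sample value, the storage mappings and the RateSumMismatch error name are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Assumed scaler value; the real constant lives in Tadle's Constants library.
library Constants {
    uint256 internal constant REFERRAL_RATE_DECIMAL_SCALER = 1e18;
}
// Simplified stand-in for SystemConfig, keeping only the referral-rate logic.
contract ReferralConfig {
    error InvalidTotalRate(uint256 totalRate);
    error InvalidRateValues(uint256 referrerRate, uint256 authorityRate);
    error RateSumMismatch(uint256 sum, uint256 expected); // hypothetical name
    uint256 public baseReferralRate = 3e17; // 30%, constructed sample value
    mapping(address => uint256) public referralExtraRateMap;
    mapping(address => uint256) public referrerRateOf;
    mapping(address => uint256) public authorityRateOf;

    function updateReferrerInfo(address _referrer, uint256 _referrerRate, uint256 _authorityRate) external {
        // Recommended per-component bound: fail early with a specific error.
        if (_referrerRate > Constants.REFERRAL_RATE_DECIMAL_SCALER || _authorityRate > Constants.REFERRAL_RATE_DECIMAL_SCALER) {
            revert InvalidRateValues(_referrerRate, _authorityRate);
        }
        uint256 totalRate = baseReferralRate + referralExtraRateMap[_referrer];
        if (totalRate > Constants.REFERRAL_RATE_DECIMAL_SCALER) {
            revert InvalidTotalRate(totalRate);
        }
        // Invariant described in the finding: the two parts must add up exactly to totalRate.
        if (_referrerRate + _authorityRate != totalRate) {
            revert RateSumMismatch(_referrerRate + _authorityRate, totalRate);
        }
        referrerRateOf[_referrer] = _referrerRate;
        authorityRateOf[_referrer] = _authorityRate;
    }
}

contract ReferralConfigTest is Test {
    ReferralConfig cfg;
    function setUp() public { cfg = new ReferralConfig(); }

    function testRejectsOversizedComponent() public {
        vm.expectRevert(abi.encodeWithSelector(ReferralConfig.InvalidRateValues.selector, 2e18, 0));
        cfg.updateReferrerInfo(address(1), 2e18, 0);
    }

    function testAcceptsValidSplit() public {
        cfg.updateReferrerInfo(address(1), 2e17, 1e17); // 0.2 + 0.1 == baseReferralRate
        assertEq(cfg.referrerRateOf(address(1)), 2e17);
    }
}
```

Note that once the sum of the two rates is required to equal a totalRate that is itself capped at the scaler, neither component can exceed the scaler on its own, so the explicit per-component check mainly documents intent and yields a more specific revert reason.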
Updates

Lead Judging Commences

0xnevi Lead Judge
10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
