Access Control issue in updateReferrerInfo
Summary
The function updateReferrerInfoin SystemConfig.solallows updating anyones referrer to anyone. In this case any malicious actor can update the referrer of anyone to himself/herself.
NOTE: This issue is in the Cyfrin repo and not the tradle repo. Seems like Cyfrin repo has incorrect implementation. But since the Tradle team confirmed on Discord that Cyfrin repo is the one to be audited upon, this should be valid.
Vulnerability Details
The function updateReferrerInfoin SystemConfig.solallows updating anyones referrer details to anything and lacks the necessary access control checks. In this case, a malicious actor can change anyones(or rather everyones) referralInfo details.
Ex:
Bob is Alice's referrer. If Alice makes a trade, then 30% of the trading fees goes to Bob. But since anyone can call and update the referralInfo, a malicious actor Alan can call the vulnerable function with Bobs address as referrer and change the referrerRateand authorityRatevalues of Bob. Thus when Alice makes a trade it results in less bonus fees for Bob
Impact
Loss of funds
Tools Used
Manual Auditing
Recommendations
Add access control checks for the function in question.
Lead Judging Commences
finding-SystemConfig-updateReferrerInfo-msgSender
Valid high severity. There are two impacts here due to the wrong setting of the `refferalInfoMap` mapping. 1. Wrong refferal info is always set, so the refferal will always be delegated to the refferer address instead of the caller 2. Anybody can arbitrarily change the referrer and referrer rate of any user, resulting in gaming of the refferal system I prefer #1500 description the most, be cause it seems to be the only issue although without a poc to fully describe all of the possible impacts
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.