_authorityRate can't be set, breaking intended functionality of referral system
Summary
In SystemConfig.sol, when updateReferrerInfo() is called with an _authorityRate greater than 0, the function always will revert with either of the two errors found in ISystemConfig.sol, breaking the protocols intended functionality.
error InvalidReferrerRate(uint256 referrerRate);error InvalidRate(uint256 referrerRate, uint256 authorityRate, uint256 totalRate);
Vulnerability Details
When a referrer refers a referree, the referrer is supposed to receive a percentage of the platform fee according to the _referrerRate and the referree is also supposed to receive a portion of the platform fee according to the _authorityRate.
Here's the problematic code (link):
The baseReferralRate is set by the protocol team. For sake of example, let's say it's 300000 (i.e. 30%).
Certain referrers can get a bump in this rate (referralExtraRate) also set by the protocol team, but let's assume it's 0 for this example.
totalRate is 300000 or 30%.
So according to this code block, the _referrerRate + _authorityRate must equal 300000 or the function reverts:
But in the following code block, the _referrerRate must be greater than or equal to 300000, otherwise the function reverts:
These two code block make it impossible for _authorityRate to be set to anything but 0.
Here's a POC fuzz testing (add to PreMarket.t.sol):
Impact
Protocol doesn't function as expected and referrers can't incentivize referrees with an authority rate.
Tools Used
Manual Review / Foundry
Recommendations
Replace this:
With this:
And consider replacing this:
With this:
Lead Judging Commences
finding-SystemConfig-updateReferrerInfo-wrong-referral-rate-combined-check
Valid medium, specific valid inputs by admin will still cause revert in updates to referral info due to incorrect totalRate computation and checks implemented. Note: Downgrade to low severity: This is a valid issue that highlights a valid inconsistency in the docs. In the docs, it was mentioned in the steps that referral rates can be adjusted up to a maximum of 30% as seen in [Step 4. ](https://tadle.gitbook.io/tadle/tadle-incentives-program/referral-program/create-and-manage-referral)but as of now, the minimum refferal rate is 30%. However, since refferals are entirely optional, if a minimum 30% refferal rate is established and the user deems it as too high, he can simply choose not to perform the refferal. Hence, I believe low severity to be appropriate.
Appeal created
finding-SystemConfig-updateReferrerInfo-wrong-referral-rate-combined-check
Valid medium, specific valid inputs by admin will still cause revert in updates to referral info due to incorrect totalRate computation and checks implemented. Note: Downgrade to low severity: This is a valid issue that highlights a valid inconsistency in the docs. In the docs, it was mentioned in the steps that referral rates can be adjusted up to a maximum of 30% as seen in [Step 4. ](https://tadle.gitbook.io/tadle/tadle-incentives-program/referral-program/create-and-manage-referral)but as of now, the minimum refferal rate is 30%. However, since refferals are entirely optional, if a minimum 30% refferal rate is established and the user deems it as too high, he can simply choose not to perform the refferal. Hence, I believe low severity to be appropriate.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.