Summary

The updateReferrerInfo function in the SystemConfig contract is not properly protected, allowing any user to override the referral information of any _referrer. This undermines the referral point system and can lead to significant issues such as the loss of commissions for legitimate referrers.

Vulnerability Details

The root cause of the vulnerability is that the condition intended to protect the function, _msgSender() == _referrer, is incorrectly implemented, allowing unauthorized users to call this function while denying legitimate referrers the ability to update their rates.

• Found in src/core/SystemConfig.sol at Line 46

@>: the function allows referrers to tweak their commission rates; however, the condition _msgSender() == _referrer fails to prevent others from calling this function while denying the actual referrer the ability to update their rates.

Let us walk through the issue with the following scenario:

1. Alice, a legitimate referrer, attempts to update her commission rate using the updateReferrerInfo function.

2. Bob, a malicious user, identifies that the function allows him to update Alice's referral information due to the incorrect condition check.

3. As a result, Bob can set Alice's commission rate to zero and redirect the entire totalRate to the authority instead, effectively griefing Alice's earnings and undermining the referral system's integrity.

Impact

This vulnerability is severe as it compromises the integrity of the referral system. A malicious actor could exploit this flaw to manipulate referral rates, potentially redirecting earnings from legitimate referrers to the authority party, causing financial losses and damaging the platform's trust.

Tools Used

Manual Review

Recommendations

Correct the condition in the updateReferrerInfo function to ensure that only the legitimate referrer can update their referral information:

References

• Tadle Gitbook: Tweaking Commission Rates