Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Valid

referrerRate is set incorrectly in updateRefferInfo()

Summary

referralInfo.referrerRate is set incorrectly in SystemConfig::updateRefferInfo()

Vulnerability Details

As per the documentation, referrerRate can be up to a maximum of 30%, but here it is set to a minimum of 30%, i.e. totally the opposite, and the baseReferralRate is set to 30% by default, which means referrerRate can be as high as possible.

```solidity
if (_referrerRate < baseReferralRate) {
    revert InvalidReferrerRate(_referrerRate);
}
```

Tool Used

Manual review

Recommendation

- if (_referrerRate < baseReferralRate) {
revert InvalidReferrerRate(_referrerRate);
}
+ if (_referrerRate > baseReferralRate || _referrerRate == 0 ) {
revert InvalidReferrerRate(_referrerRate);
}
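
Review bot: On the added condition, the `_referrerRate == 0` clause rejects a zero rate on an assumption the submission itself marks as unconfirmed, so a zero referrer rate could never be set; confirm that against the documented behaviour or drop the clause. The upper bound is also taken from `baseReferralRate`, whose name reads as a default or floor rather than the documented 30% maximum, so a separately named maximum would make the intent of the check unambiguous.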

I am assuming _referrerRate can't be 0 at least.

Related Links

  1. https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/SystemConfig.sol#L54

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

itsabinashb Submitter
about 1 year ago
0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-SystemConfig-updateReferrerInfo-wrong-referral-rate-combined-check

Valid medium, specific valid inputs by admin will still cause revert in updates to referral info due to incorrect totalRate computation and checks implemented. Note: Downgrade to low severity: This is a valid issue that highlights a valid inconsistency in the docs. In the docs, it was mentioned in the steps that referral rates can be adjusted up to a maximum of 30% as seen in [Step 4](https://tadle.gitbook.io/tadle/tadle-incentives-program/referral-program/create-and-manage-referral), but as of now, the minimum referral rate is 30%. However, since referrals are entirely optional, if a minimum 30% referral rate is established and the user deems it as too high, he can simply choose not to perform the referral. Hence, I believe low severity to be appropriate.
