`SystemConfig::updateReferrerInfo` Updates Referral Mapping Incorrectly
Summary
updateReferrerInfo(address _referrer, uint256 _referrerRate, uint256 _authorityRate) updates the referralInfoMap so that the every account in the protocol will be it's own referrer.
Vulnerability Details
Here is the vulnerable function. The problem is in the following two lines
Notice how it is a mapping of _referrer => _referrer
Next see how the mapping is accessed to mapping is accessed to add referral bonus to a user's account.
In the PreMarkets::createTaker see how the referral address is accessed with this line
This will return the referralInfo struct which will be passed to the _updateReferralBonus.
Then the referral bonus will be added here
Thus the referral bonus will be added to referralInfo.referrer which is equal to msg.sender.
Impact
Referral system is completely broken and does not work as expected.
All accounts will be their own referrer no matter what.
Tools Used
Foundry and manual review
Recommendations
Make the following changes to the SystemConfig::updateReferrerInfo
Lead Judging Commences
finding-SystemConfig-updateReferrerInfo-msgSender
Valid high severity. There are two impacts here due to the wrong setting of the `refferalInfoMap` mapping. 1. Wrong refferal info is always set, so the refferal will always be delegated to the refferer address instead of the caller 2. Anybody can arbitrarily change the referrer and referrer rate of any user, resulting in gaming of the refferal system I prefer #1500 description the most, be cause it seems to be the only issue although without a poc to fully describe all of the possible impacts
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.