Unrestricted access to referral information update
Summary
Anyone can update referral information.
Vulnerability Details
The updateReferrerInfo() function in the SystemConfig contract allows any external caller to update referral information for any address. The function lacks proper access controls, leading to unauthorized manipulation of referral data.
function updateReferrerInfo(
address _referrer,
uint256 _referrerRate,
uint256 _authorityRate
) external {
if (_msgSender() == _referrer) {
revert InvalidReferrer(_referrer);
}
Any external address can call this function and modify referral information for any user, including setting arbitrary referrer and authority rates, as long as they meet the basic validation checks in the function.
Impact
Anyone can call the function and update referral information.
Tools Used
Manual review
Recommendations
The function should also be restricted to "onlyOwner"
Lead Judging Commences
finding-SystemConfig-updateReferrerInfo-msgSender
Valid high severity. There are two impacts here due to the wrong setting of the `refferalInfoMap` mapping. 1. Wrong refferal info is always set, so the refferal will always be delegated to the refferer address instead of the caller 2. Anybody can arbitrarily change the referrer and referrer rate of any user, resulting in gaming of the refferal system I prefer #1500 description the most, be cause it seems to be the only issue although without a poc to fully describe all of the possible impacts
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.