Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Any registered engine can overwrite unrelated custom codes

kwakudr

Summary

Any registered engine can overwrite unrelated custom codes. Malicious/compromised engines can hijack existing codes for profit.

Vulnerability Details

function createCustomReferralCode(
address referrer,
string calldata customReferralCode
)
external
onlyRegisteredEngines
{
CustomReferralConfiguration.load(customReferralCode).referrer = referrer;
emit LogCreateCustomReferralCode(referrer, customReferralCode);
}

Any registered engine can overwrite unrelated custom codes. Malicious/compromised engines can hijack existing codes for profit.

Example:

// Step 1: Engine A (legitimate) creates a custom code
Engine A (registered): Creates code "ALPHA" → Referrer Alice
// Storage: "ALPHA" → Alice
// Step 2: Engine B (also registered but potentially malicious) can overwrite
Engine B (registered): Creates code "ALPHA" → Referrer Bob
// Storage: "ALPHA" → Bob (Alice's code is overwritten!)
// Step 3: Users using "ALPHA" now redirect to Bob instead of Alice
User attempts to use "ALPHA" → Points to Bob (Not Alice as intended)

Impact

Malicious engine changes the referrer

Tools Used

Manual Review

Recommendations

Track code ownership or restrict modification.

// Store creator of each custom code
CustomReferralConfiguration.Data storage customReferral = CustomReferralConfiguration.load(key);

require(customReferral.creator == address(0) || customReferral.creator == msg.sender, "Not owner");
customReferral.creator = msg.sender;

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Custom Referral Code Conflict Across Engines

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.