Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Referrals.sol#L32-L41
Vulnerability details
Impact
Incorrect data: If the '_referred' or 'protocol' variables are set to incorrect values, the contract could behave incorrectly or unexpectedly.
Manipulation: Malicious actors could exploit this vulnerability to manipulate the system in their favor. For example, they could set the 'protocol' variable to their own address to gain control of the contract.
Proof of Concept
The 'setReferred' and 'setProtocol' functions in the Referrals contract allow anyone to set the '_referred' and 'protocol' variables, respectively, without any checks or restrictions. This could lead to incorrect data being set or to malicious actors manipulating the system.
Tools Used
Mythril and Truffle
Recommended Mitigation Steps
To mitigate this vulnerability, the 'setReferred' and 'setProtocol' functions should enforce access control. For example, 'setReferred' could be restricted so that only the protocol address may set the '_referred' variable, and 'setProtocol' could be restricted so that only the contract owner may set the 'protocol' variable.
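The following Solidity sketch, added here as an illustration rather than the audited Referrals.sol, shows the unrestricted setter shape the finding describes next to the hardened version that applies the recommended checks (owner-only 'setProtocol', protocol-only 'setReferred'). The variable names 'protocol' and '_referred' come from the finding; the bytes32 referral code type, the event names, the inline owner bookkeeping and the extra zero-address and no-overwrite checks are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited Referrals.sol. `protocol` and `_referred`
// are named in the finding; the referral code type (bytes32), events and
// owner bookkeeping are assumptions.
contract ReferralsHardened {
    address public owner;
    address public protocol;
    mapping(address => bytes32) private _referred;

    event ProtocolSet(address indexed protocol);
    event Referred(address indexed trader, bytes32 indexed code);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "Referrals: caller is not owner");
        _;
    }

    // Only the protocol contract may record a referral on a trader's behalf.
    modifier onlyProtocol() {
        require(msg.sender == protocol, "Referrals: caller is not protocol");
        _;
    }

    // VULNERABLE SHAPE (as the finding describes it): no access check, so any
    // caller could overwrite `protocol` with an address they control.
    //   function setProtocol(address _protocol) external { protocol = _protocol; }

    // HARDENED: only the contract owner may point the contract at a new protocol.
    function setProtocol(address _protocol) external onlyOwner {
        require(_protocol != address(0), "Referrals: zero protocol");
        protocol = _protocol;
        emit ProtocolSet(_protocol);
    }

    // HARDENED: only the protocol may set a trader's referral, and an existing
    // referral is not silently overwritten.
    function setReferred(address _trader, bytes32 _code) external onlyProtocol {
        require(_referred[_trader] == bytes32(0), "Referrals: already referred");
        _referred[_trader] = _code;
        emit Referred(_trader, _code);
    }
}
```

A unit test for the hardened contract should assert that a non-owner call to 'setProtocol' and a non-protocol call to 'setReferred' both revert with the messages above.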