sherlock-audit / 2024-06-boost-aa-wallet-judging


0xsome - A referral farmer can take protocol fee share #404

Open sherlock-admin4 opened 2 months ago

sherlock-admin4 commented 2 months ago

0xsome

Medium

A referral farmer can take protocol fee share

Summary

Missing check on the referrer_ argument of the claimIncentiveFor function here allows for a referral farmer to claim the referral fee on all the claims.

Root Cause

The referrer_ can be configured to the farmer's address and an incentive can be claimed on their behalf even if the _referrer has not actually referred the claimant.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

The protocol potentially loses out on fees which are routed to the referral farmer who has not done any work. These fees would normally be taken by the protocol so the protocol is directly missing out on funds that it would have collected in form of protocol fees.

PoC

No response

Mitigation

Maintain a mapping of claimants to their respective referrers and make an input validation check on the referrer when an incentive is claimed.
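As an added illustration, not part of the original report and not the Boost code base: a hypothetical contract that shows the unchecked pattern the finding describes (a caller-supplied `referrer_` that is paid a share of the protocol fee with no validation) beside the mapping-based check the mitigation proposes. The contract name, `registerReferrer`, `referrerOf`, the ledger, and the fee and referral percentages are all assumptions made for the example; the real `claimIncentiveFor` signature and fee split are not reproduced here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical example contract (not BoostCore). Incentives are tracked in an
// internal ledger so the fee-routing logic can be read without token plumbing.
contract IncentiveClaimExample {
    uint256 public constant FEE_BPS = 1_000;      // assumed: 10% protocol fee per claim
    uint256 public constant REFERRAL_BPS = 5_000; // assumed: referrer gets 50% of that fee

    address public immutable protocolFeeReceiver;
    uint256 public pool;                           // funds available to pay claims
    mapping(address => uint256) public balances;   // claimant / referrer / protocol ledger

    // claimant => referrer, recorded by the claimant themself, once.
    mapping(address => address) public referrerOf;

    constructor(address feeReceiver) {
        protocolFeeReceiver = feeReceiver;
    }

    // Fund the incentive pool.
    receive() external payable {
        pool += msg.value;
    }

    // The claimant records who referred them. Only the claimant can set it,
    // only once, and never to themself, so a third party cannot rewrite it.
    function registerReferrer(address referrer) external {
        require(referrer != address(0) && referrer != msg.sender, "bad referrer");
        require(referrerOf[msg.sender] == address(0), "referrer already set");
        referrerOf[msg.sender] = referrer;
    }

    // VULNERABLE pattern: referrer_ is trusted as given. Anyone can call this
    // for any claimant with their own address as referrer_ and collect the
    // referral share of every claim, which would otherwise stay with the protocol.
    function claimIncentiveForUnchecked(address claimant, address referrer_, uint256 amount) external {
        _payout(claimant, referrer_, amount);
    }

    // HARDENED pattern: the referrer comes from the mapping, and the supplied
    // argument must match it. A claimant with no recorded referrer must pass
    // address(0), in which case the full fee goes to the protocol.
    function claimIncentiveFor(address claimant, address referrer_, uint256 amount) external {
        address recorded = referrerOf[claimant];
        require(referrer_ == recorded, "referrer mismatch");
        _payout(claimant, recorded, amount);
    }

    function _payout(address claimant, address referrer, uint256 amount) internal {
        require(amount <= pool, "insufficient pool");
        pool -= amount;

        uint256 fee = (amount * FEE_BPS) / 10_000;
        uint256 referralShare = referrer == address(0) ? 0 : (fee * REFERRAL_BPS) / 10_000;

        balances[claimant] += amount - fee;
        if (referralShare > 0) {
            balances[referrer] += referralShare;
        }
        balances[protocolFeeReceiver] += fee - referralShare;
    }
}
```

Whether the referrer is passed in and checked against the mapping, or simply read from the mapping and the argument dropped, is a design choice; the essential point is that the address paid the referral share must come from state the claimant controlled, not from whoever happens to call the claim function.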