Referrer can drain ReferralFeePoolV0 #55

code423n4 · 2021-10-25T09:18:48Z

Handle

gzeon

Vulnerability details

Impact

function claimRewardAsMochi in ReferralFeePoolV0.sol did not reduce user reward balance, allowing referrer to claim the same reward repeatedly and thus draining the fee pool.

Proof of Concept

https://github.com/code-423n4/2021-10-mochi/blob/main/projects/mochi-core/contracts/feePool/ReferralFeePoolV0.sol
L28-47 did not reduce user reward balance

Tools Used

None

Recommended Mitigation Steps

Add the following lines

rewards -= reward[msg.sender];
reward[msg.sender] = 0;

code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Oct 25, 2021

code423n4 added a commit that referenced this issue Oct 25, 2021

gzeon issue #55

b4c3ecf

r2moon added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Oct 27, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Referrer can drain ReferralFeePoolV0 #55

Referrer can drain ReferralFeePoolV0 #55

code423n4 commented Oct 25, 2021

Referrer can drain ReferralFeePoolV0 #55

Referrer can drain ReferralFeePoolV0 #55

Comments

code423n4 commented Oct 25, 2021

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps