Missing checks on the `referral_cut` value could enable creating unlimited membership accounts for free
#2
Labels
S0 - info (Info level severity)
Summary
In the membership pallet, a `referral_cut` value can be configured that determines a referral bonus to incentivize existing members to invite new members. The special case when `referral_cut == membership_fee` enables any user to create unlimited new membership accounts for free. Since both the `referral_cut` and `membership_fee` values can be configured via root calls/proposals, we consider this an information-level issue. As a defensive programming practice, we recommend ensuring that the referral cut is always less than the membership fee.

Issue details
In the membership pallet, a `referral_cut` value can be configured that determines a referral bonus to incentivize existing members to invite new members. The referral bonus is calculated in the following way: the referral bonus is the minimum of `membership_fee` and `referral_cut`. If these two values are equal, one could create infinite new accounts for free (create account a, create account b, refer account a -> a's registration was waived, etc.).

Risk
If `referral_cut == membership_fee`, any user can create unlimited new membership accounts for free. Since both of these values can be configured via root calls (`set_referral_cut` and `set_membership_price`), we consider the risk of this very low.

Mitigation
We recommend enforcing that `referral_cut < membership_fee` always holds, either by providing guidelines for setting these values in a sensible way, or by ensuring this relation programmatically.
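As an added illustration (not the pallet's own code), a minimal Rust model of the fee and referral logic described in this issue: the unchecked setter reproduces the `referral_cut == membership_fee` case, while checked setters on both root-configurable values enforce `referral_cut < membership_fee` as the mitigation suggests. The names `MembershipConfig`, `ConfigError`, `set_referral_cut_unchecked`, `set_membership_fee`, `fee_with_referral` and `total_paid_for_referral_chain` are assumed for this example.

```rust
// Added example, not the pallet's own code; all names here are assumed.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct MembershipConfig {
    pub membership_fee: u128,
    pub referral_cut: u128,
}
#[derive(Debug, PartialEq)]
pub enum ConfigError {
    ReferralCutNotLessThanFee,
}
impl MembershipConfig {
    /// Unchecked setter, as the finding describes: nothing stops
    /// referral_cut from being set equal to (or above) membership_fee.
    pub fn set_referral_cut_unchecked(&mut self, cut: u128) {
        self.referral_cut = cut;
    }
    /// Hardened setter: reject any cut not strictly below the fee.
    pub fn set_referral_cut(&mut self, cut: u128) -> Result<(), ConfigError> {
        if cut >= self.membership_fee {
            return Err(ConfigError::ReferralCutNotLessThanFee);
        }
        self.referral_cut = cut;
        Ok(())
    }
    /// The fee is root-configurable too, so the invariant must also be
    /// checked when the fee is lowered, not only when the cut changes.
    pub fn set_membership_fee(&mut self, fee: u128) -> Result<(), ConfigError> {
        if self.referral_cut >= fee {
            return Err(ConfigError::ReferralCutNotLessThanFee);
        }
        self.membership_fee = fee;
        Ok(())
    }
    /// Referral bonus as the issue describes it: min(membership_fee, referral_cut).
    pub fn referral_bonus(&self) -> u128 {
        self.membership_fee.min(self.referral_cut)
    }
    /// Net amount a referred new member actually pays.
    pub fn fee_with_referral(&self) -> u128 {
        self.membership_fee - self.referral_bonus()
    }
}
/// Total paid for `n` accounts, each after the first referred by the previous one.
pub fn total_paid_for_referral_chain(cfg: &MembershipConfig, n: u32) -> u128 {
    cfg.membership_fee + u128::from(n.saturating_sub(1)) * cfg.fee_with_referral()
}
fn main() {
    let cfg = MembershipConfig { membership_fee: 100, referral_cut: 100 };
    println!("1000 accounts cost {}", total_paid_for_referral_chain(&cfg, 1000));
}
```

With the cut equal to the fee, 1000 chained accounts cost only the first account's fee; the checked setters refuse to reach that state from either root call.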