Prevent Self-Referral Reward Exploits

[hman38705]

issues : 21

Great issue: Prevent Self-Referral Reward Exploits

Description
The referrer parameter in the place_bet function is accepted without any identity verification. This allows a malicious bettor to provide their own secondary address (or even the same address) as a referrer for every bet, effectively gaining a systematic discount on all protocol fees and draining the referral pool intended for actual promoters.

Requirements and context

• Add a strict requirement check: require!(referrer != bettor).
• Consider implementing a "Referrer Whitelist" or verification system for high-volume accounts.

Suggested execution

• Fork the repo and create a branch: git checkout -b fix/issue-21-self-referral
• Update the betting authorization logic.

Implementation changes

• Modify bets.rs (around line 19) to validate the bettor and referrer are distinct entities.

Test and commit

• Verify that a bet attempt where referrer == bettor results in an immediate transaction failure.

Example commit message
fix: prevent bettors from referring themselves to claim fee discounts

Guidelines

• Economic integrity of the referral system.
• Timeframe: 24 hours.

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[Xoulomon]

@Xoulomon has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

Hey Maintainer, I have gone through the details of the issue and i am capable of resolving it, I would love to be assigned to work on it ASAP. Thanks in advance

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Xoulomon to this issue.

[drips-wave]

Congratulations, @Xoulomon! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @Xoulomon: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been completed by @Xoulomon as part of the Stellar Wave Program's 3rd Wave 🥳

😎 @Xoulomon: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.