Category: Coding Mistakes

One account can register multiple referral codes

Low Severity
Low Impact
Low Likelihood

Description

The external function registerCode allows any account to register a referral code:

function registerCode(bytes32 _code) external {
    require(_code != bytes32(0), "ReferralStorage: invalid _code");
    require(codeOwners[_code] == address(0),
        "ReferralStorage: code already exists");

    codeOwners[_code] = msg.sender;
    codes[msg.sender] = _code;
    referrerTiers[msg.sender] = _DEFAULT_TIER_ID;

    emit RegisterCode(msg.sender, _code);
}

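An account should have only one referral code, but this function does not check whether the caller already has a code registered. A repeated call overwrites codes[msg.sender] with the new code, while the earlier codeOwners entry still maps the old code to the same account.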

Impact

One account can register multiple referral codes.

Recommendations

Add a check to revert if the account already has a referral code.
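
One way to write the recommended check, as an added sketch; it is not Avantis's contract and not the code from the remediation commit. The contract name, the uint256 tier type, the constant's value and the new revert message are assumptions, and the sketch assumes registerCode is the only function that writes to codes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: state layout is inferred from the excerpt above.
contract ReferralStorageSketch {
    uint256 private constant _DEFAULT_TIER_ID = 1; // assumed value

    mapping(bytes32 => address) public codeOwners;    // code => owner
    mapping(address => bytes32) public codes;         // owner => code
    mapping(address => uint256) public referrerTiers; // assumed type

    event RegisterCode(address account, bytes32 code);

    function registerCode(bytes32 _code) external {
        require(_code != bytes32(0), "ReferralStorage: invalid _code");
        require(codeOwners[_code] == address(0),
            "ReferralStorage: code already exists");
        // New check: bytes32(0) is rejected above and so can never be
        // stored, which makes a non-zero entry proof that the caller
        // already owns a code.
        require(codes[msg.sender] == bytes32(0),
            "ReferralStorage: account already has a code"); // assumed message

        codeOwners[_code] = msg.sender;
        codes[msg.sender] = _code;
        referrerTiers[msg.sender] = _DEFAULT_TIER_ID;

        emit RegisterCode(msg.sender, _code);
    }
}
```

If the real contract has other functions that reassign code ownership, they need to update codes and codeOwners together, or this check can reject or admit the wrong accounts.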

Remediation

This issue has been acknowledged by Avantis Labs, Inc., and a fix was implemented in commit 13bb96c4.

Zellic © 2025