The number of tokens held by the contract address can easily be manipulated or increased, but that in itself is not the problem. What is more concerning is the use of balanceOf(address(this)) to calculate the total number of tokens held by the contract. If an attacker sends extra tokens to this contract address, the expected number of tokens will differ from the actual number of tokens.
Medium
Foundry, Remix
A variable should be used to track the token amount.
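An added example of this recommendation, not the audited contract's code: a hypothetical TrackedVault keeps its own trackedBalance variable instead of reading balanceOf(address(this)). All contract, function and variable names are assumptions, and the token is assumed to be a standard ERC-20 that transfers exactly the requested amount.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed here (standard function signatures).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical contract illustrating the recommendation; not the audited code.
contract TrackedVault {
    IERC20 public immutable token;

    // Internal accounting: changes only through deposit() and withdraw().
    uint256 public trackedBalance;
    mapping(address => uint256) public deposits;

    constructor(IERC20 _token) {
        token = _token;
    }

    function deposit(uint256 amount) external {
        // Assumption: no fee-on-transfer, so `amount` is what arrives.
        deposits[msg.sender] += amount;
        trackedBalance += amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function withdraw(uint256 amount) external {
        // State is updated before the external call; 0.8+ reverts on underflow.
        deposits[msg.sender] -= amount;
        trackedBalance -= amount;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Pattern flagged in the finding: a direct token transfer raises this value.
    function rawBalance() external view returns (uint256) {
        return token.balanceOf(address(this));
    }

    // Tokens that arrived outside deposit(); they never enter the accounting.
    function untrackedSurplus() external view returns (uint256) {
        return token.balanceOf(address(this)) - trackedBalance;
    }
}
```

Any logic that depends on the total (shares, rewards, invariants) reads trackedBalance, so a direct transfer to the contract only changes untrackedSurplus().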