Submission Details
Severity:
Incorrectly list martenitsaToken on marketplace for sell to cause DoS
Summary
Incorrectly list martenitsaToken on marketplace for sell to cause DoS
Vulnerability Details
function listMartenitsaForSale(uint256 tokenId, uint256 price) external {
require(msg.sender == martenitsaToken.ownerOf(tokenId), "You do not own this token");
require(martenitsaToken.isProducer(msg.sender), "You are not a producer!");
require(price > 0, "Price must be greater than zero");
Listing memory newListing = Listing({
tokenId: tokenId,
seller: msg.sender,
price: price,
design: martenitsaToken.getDesign(tokenId),
forSale: true
});
tokenIdToListing[tokenId] = newListing;
emit MartenitsaListed(tokenId, msg.sender, price);
}
Incorrectly list martenitsaToken on marketplace for sell to cause DoS. For example, the martenitsaToken for sell are not approved for marketpalace, or the martenitsaToken for sell are transfered to another address. The list will be invalid.
POC:
function testNotApprovedBuyMartenitsa() public listMartenitsa {
vm.prank(bob);
vm.expectRevert();
marketplace.buyMartenitsa{value: 1 wei}(0);
}
add this test function in MartenitsaMarketplace.t.sol,
then run forge test --mt testNotApprovedBuyMartenitsa
Impact
Tools Used
Foundry
Recommendations
Transfer token to marketpalce when list for sell
Updates
Lead Judging Commences
bube over 1 year ago
Submission Judgement Published Assigned finding tags:
Listed MartenitsaToken can be transferred before the sale
Rewards breakdown
nSLOC
239This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.