[H-1] Unauthorized updateCountMartenitsaTokensOwner Manipulation Affects HealthToken Distribution
Description:
The updateCountMartenitsaTokensOwner function allows for the manipulation of token ownership counts for a given address (owner). It accepts an operation parameter, which specifies whether to increment or decrement the count. The function checks if the operation is either "add" or "sub", and then adjusts the token count accordingly. However, due to the lack of access control or permission checks, anyone can call this function, potentially causing unauthorized changes to token ownership counts.
Impact:
Unauthorized manipulation of token counts can disrupt systems reliant on accurate ownership data. Specifically, in scenarios where owning more than three MartenitsaToken tokens grants HealthToken, the vulnerability can lead to undeserved rewards or advantages for malicious actors.
Proof of Concepts
Recommended mitigation:
Make the updateCountMartenitsaTokensOwner function internal.
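The sketch below is an added example, not the audited contract's source: it reconstructs the function from the description above and places it beside a variant with the recommended internal visibility. The contract names, the mapping name, the revert message, the pragma and the createToken entry point are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Reconstructed from the finding's description; names other than
// updateCountMartenitsaTokensOwner are assumed.
contract CountUnguarded {
    mapping(address => uint256) public countMartenitsaTokensOwner;

    // external with no caller check: any account can raise or lower
    // the recorded count of any owner.
    function updateCountMartenitsaTokensOwner(address owner, string memory operation) external {
        bytes32 op = keccak256(abi.encodePacked(operation));
        if (op == keccak256(abi.encodePacked("add"))) {
            countMartenitsaTokensOwner[owner] += 1;
        } else if (op == keccak256(abi.encodePacked("sub"))) {
            countMartenitsaTokensOwner[owner] -= 1; // reverts on underflow in 0.8+
        } else {
            revert("Wrong operation");
        }
    }
}

// Same logic with the recommended visibility change.
contract CountInternal {
    mapping(address => uint256) public countMartenitsaTokensOwner;

    // internal: reachable only from this contract and contracts that
    // inherit from it, never from an arbitrary external caller.
    function updateCountMartenitsaTokensOwner(address owner, string memory operation) internal {
        bytes32 op = keccak256(abi.encodePacked(operation));
        if (op == keccak256(abi.encodePacked("add"))) {
            countMartenitsaTokensOwner[owner] += 1;
        } else if (op == keccak256(abi.encodePacked("sub"))) {
            countMartenitsaTokensOwner[owner] -= 1;
        } else {
            revert("Wrong operation");
        }
    }

    // Hypothetical entry point: the count changes only as a side effect
    // of an operation that actually creates a token for the caller.
    function createToken() external {
        // ... token creation logic would go here ...
        updateCountMartenitsaTokensOwner(msg.sender, "add");
    }
}
```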