Severity: high
Valid

Unauthorized updateCountMartenitsaTokensOwner Manipulation Affects HealthToken Distribution

[H-1] Unauthorized updateCountMartenitsaTokensOwner Manipulation Affects HealthToken Distribution

Description:
The updateCountMartenitsaTokensOwner function allows for the manipulation of token ownership counts for a given address (owner). It accepts an operation parameter, which specifies whether to increment or decrement the count. The function checks if the operation is either "add" or "sub", and then adjusts the token count accordingly. However, due to the lack of access control or permission checks, anyone can call this function, potentially causing unauthorized changes to token ownership counts.

Impact:
Unauthorized manipulation of token counts can disrupt systems that rely on accurate ownership data. Specifically, in scenarios where owning more than three Martenitsa tokens grants a HealthToken, the vulnerability can lead to undeserved rewards or advantages for malicious actors.

Proof of Concepts

Recommended mitigation:
Make the updateCountMartenitsaTokensOwner function internal.
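
The finding and its mitigation side by side, as an added example that is not the audited project's code. Only the function name and the "add"/"sub" operations come from the report; the contract names, `ownerOf`, `createToken`, `transferToken` and the revert on other inputs are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Before: the shape the finding describes. The function is external and has no
// caller check, so any account can change any owner's count.
contract CountUnprotected {
    mapping(address => uint256) public countMartenitsaTokensOwner;

    function updateCountMartenitsaTokensOwner(address owner, string memory operation) external {
        bytes32 op = keccak256(bytes(operation));
        if (op == keccak256("add")) countMartenitsaTokensOwner[owner] += 1;
        else if (op == keccak256("sub")) countMartenitsaTokensOwner[owner] -= 1;
        else revert("Wrong operation"); // assumed handling of other inputs
    }
}

// After: the recommended mitigation. The helper is internal, so the count only
// changes as a side effect of this contract's own ownership changes.
contract CountInternal {
    mapping(address => uint256) public countMartenitsaTokensOwner;
    mapping(uint256 => address) public ownerOf; // hypothetical ownership record
    uint256 private nextTokenId;

    function updateCountMartenitsaTokensOwner(address owner, string memory operation) internal {
        bytes32 op = keccak256(bytes(operation));
        if (op == keccak256("add")) countMartenitsaTokensOwner[owner] += 1;
        else if (op == keccak256("sub")) countMartenitsaTokensOwner[owner] -= 1;
        else revert("Wrong operation");
    }

    // Hypothetical entry point: creating a token credits the caller.
    function createToken() external returns (uint256 tokenId) {
        tokenId = nextTokenId++;
        ownerOf[tokenId] = msg.sender;
        updateCountMartenitsaTokensOwner(msg.sender, "add");
    }

    // Hypothetical entry point: only the current holder can move a token,
    // and both counts are adjusted in the same transaction.
    function transferToken(address to, uint256 tokenId) external {
        require(ownerOf[tokenId] == msg.sender, "Not token owner");
        require(to != address(0), "Zero address");
        ownerOf[tokenId] = to;
        updateCountMartenitsaTokensOwner(msg.sender, "sub");
        updateCountMartenitsaTokensOwner(to, "add");
    }
}
```

`internal` limits calls to the declaring contract and contracts that inherit from it; a separately deployed contract that must update the count would need an explicit caller check on an external function instead.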

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing access control
