First Flight #13: Baba Marta

First Flight #13

Beginner FriendlyFoundryGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

In case of a draw in the votes, only one producer gets the health token.

Aizen

Summary

In case of a draw in the votes, only one producer gets the health token.

Vulnerability Details

During the voting for the best Martenitsa, If two producers get the highest votes only one of them will get rewarded with a healthToken

example scenario :

Chasy (producer) gets 4 votes for her Martenitsa
Jack (producer) gets 4 votes for his Martenitsa
Only Chasy gets the health token

PoC

add the following code to the MartenitsaVoting.t.sol testsuite

function testDrawVoting() public listMartenitsa {

//chasy's and jack's healthToken Balance before the vote

console.log("[Before-Voting]");

console.log("Chasy's health token balance : ", healthToken.balanceOf(address(chasy)));

console.log("Jack's health token balance : ", healthToken.balanceOf(address(jack)));

//Jack(producer) has his own Martenitsa

vm.startPrank(jack);

martenitsaToken.createMartenitsa("balls");

marketplace.listMartenitsaForSale(1, 1 wei);

vm.stopPrank();

//voters for chasy's Martenitsa

address alice = makeAddr("alice");

address charlie = makeAddr("charlie");

address david = makeAddr("david");

//voters for jack's Martenitsa

address john = makeAddr("john");

address sam = makeAddr("sam");

address patrick = makeAddr("patrick");

address jay = makeAddr("jay");

//voting for chasy

vm.prank(alice);

voting.voteForMartenitsa(0);

vm.prank(bob);

voting.voteForMartenitsa(0);

vm.prank(charlie);

voting.voteForMartenitsa(0);

vm.prank(david);

voting.voteForMartenitsa(0);

//voting for jack

vm.prank(john);

voting.voteForMartenitsa(1);

vm.prank(sam);

voting.voteForMartenitsa(1);

vm.prank(patrick);

voting.voteForMartenitsa(1);

vm.prank(jay);

voting.voteForMartenitsa(1);

console.log("[Final Votes Results]");

console.log("Chasy's Martenitsa got ", voting.getVoteCount(0), "votes");

console.log("Jack's Martenistsa got ", voting.getVoteCount(1), "votes");

//end the voting period

vm.warp(block.timestamp + 1 days + 1);

voting.announceWinner();

console.log("[After-Voting]");

console.log("Chasy's health token balance : %e", healthToken.balanceOf(address(chasy)));

console.log("Jack's health token balance : ", healthToken.balanceOf(address(jack)));

}

output :

Ran 1 test for test/MartenitsaVoting.t.sol:MartenitsaVoting

[PASS] testDrawVoting() (gas: 1075090)

Logs:

[Before-Voting]

Chasy's health token balance : 0

Jack's health token balance : 0

[Final Votes Results]

Chasy's Martenitsa got 4 votes

Jack's Martenistsa got 4 votes

[After-Voting]

Chasy's health token balance : 1e18

Jack's health token balance : 0

Impact

Impact : Medium
Likelihood : Medium

Since there are quite some chances of votes resulting in draws, every time a vote results in a draw, one of the producer doesn't get their deserved health token

Tools Used

Manual review, foundry

Recommendations

Add a way to reward multiple winners in case of a draw

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Tie in voting is not considered

Rewards breakdown

nSLOC

239

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.