Beginner Friendly, Foundry, GameFi
100 EXP
Submission Details
Severity: high
Valid

User can mint Health Tokens infinitely

Summary

A user can mint HealthToken infinitely by calling updateCountMartenitsaTokensOwner.

Vulnerability Details

updateCountMartenitsaTokensOwner is external, has no access control, and updates countMartenitsaTokensOwner. That state is read inside collectReward, which distributes HealthToken rewards to users, so anyone can inflate their own count and claim rewards they never earned.

Impact

A user can claim as many rewards as they want.

Proof Of Concept

  1. Bob calls updateCountMartenitsaTokensOwner at least 3 times.

  2. Bob calls collectReward and receives HealthTokens for free.

Tools Used

Manual Review

Recommendations

Simply changing updateCountMartenitsaTokensOwner from external to internal should do the work, but I also propose to check inside collectReward whether the user actually has an NFT.

function collectReward() external {
    require(!martenitsaToken.isProducer(msg.sender), "You are producer and not eligible for a reward!");
    // Added check: a caller holding no MartenitsaToken NFT gets no reward
+   require(martenitsaToken.balanceOf(msg.sender) > 0, "You don't have any NFTs!");
    uint256 count = martenitsaToken.getCountMartenitsaTokensOwner(msg.sender);
    uint256 amountRewards = (count / requiredMartenitsaTokens) - _collectedRewards[msg.sender];
    if (amountRewards > 0) {
        _collectedRewards[msg.sender] = amountRewards;
        healthToken.distributeHealthToken(msg.sender, amountRewards);
    }
}

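The hardened shape of both sides of this finding, as an added illustration that is not the project's code or the submitter's: the counter contract restricts its updater to a single trusted caller, and the reward contract carries the NFT-ownership check from the recommendation with its syntax corrected. It assumes the count is meant to change only when a marketplace contract (address set once at deployment, an assumption) transfers an NFT, so a caller check is used rather than making the function internal; the threshold value 3 and reading the count through the public mapping's getter are also assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IMartenitsaToken {
    function isProducer(address) external view returns (bool);
    function balanceOf(address) external view returns (uint256);
    function countMartenitsaTokensOwner(address) external view returns (uint256);
}

interface IHealthToken {
    function distributeHealthToken(address to, uint256 amount) external;
}

// Counter side: the updater is no longer callable by arbitrary accounts.
contract MartenitsaCounterHardened {
    mapping(address => uint256) public countMartenitsaTokensOwner;
    address public immutable marketplace; // assumption: the only authorised updater

    constructor(address marketplace_) { marketplace = marketplace_; }

    // Before: `external` with no caller check, so any account could raise its own
    // count. After: only the marketplace may call it; everyone else reverts.
    function updateCountMartenitsaTokensOwner(address owner, bool add) external {
        require(msg.sender == marketplace, "Only marketplace");
        if (add) countMartenitsaTokensOwner[owner] += 1;
        else countMartenitsaTokensOwner[owner] -= 1; // underflow reverts in 0.8+
    }
}

// Reward side: the NFT-ownership check from the report, with its syntax fixed.
contract RewardCollectorHardened {
    IMartenitsaToken public immutable martenitsaToken;
    IHealthToken public immutable healthToken;
    uint256 public constant requiredMartenitsaTokens = 3; // assumed threshold
    mapping(address => uint256) private _collectedRewards;

    constructor(IMartenitsaToken mt, IHealthToken ht) { martenitsaToken = mt; healthToken = ht; }

    function collectReward() external {
        require(!martenitsaToken.isProducer(msg.sender), "You are producer and not eligible for a reward!");
        // Defence in depth: a caller holding no NFT cannot claim even if the counter is ever wrong.
        require(martenitsaToken.balanceOf(msg.sender) > 0, "You don't have any NFTs!");
        uint256 count = martenitsaToken.countMartenitsaTokensOwner(msg.sender);
        uint256 amountRewards = (count / requiredMartenitsaTokens) - _collectedRewards[msg.sender];
        if (amountRewards > 0) {
            _collectedRewards[msg.sender] += amountRewards; // accumulate what has been claimed
            healthToken.distributeHealthToken(msg.sender, amountRewards);
        }
    }
}
```

A Foundry regression test for this fix would call updateCountMartenitsaTokensOwner from a non-marketplace address and expect the "Only marketplace" revert, then call collectReward from an address with zero balance and expect "You don't have any NFTs!".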
Updates

Lead Judging Commences

bube (Lead Judge), over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing access control
