First Flight #13: Baba Marta
First Flight #13
Beginner FriendlyFoundryGameFi
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

HealthTokens can be transferred between users.

kostov

Summary

HealthTokens can be transferred between users which breaks invariant.

Details

As stated there should be only two ways to receive HealthToken:

These should be the two eligible ways to receive a HealthToken in this protocol.
setMarketAndVotingAddress: Allows the owner to set the addresses of the MartenitsaMarketplace and MartenitsaVoting contracts.
distributeHealthToken: Allows the marketplace and voting contracts to distribute HealthTokens as rewards to specified addresses.

However, the transfer and transferFrom allow another way to receive HealthTokens.

Proof of Code

paste this test and run it in MartenitsaMarketPlace.t.sol

function testCanTransferHealthTokens() public {
address pan = makeAddr("pan");
//Mint HealthTokens to Bob
vm.startPrank(bob);
uint256 i = 0;
uint256 martenitsaToHealthTokenRatio = 3;
uint256 amountOfFreeMartenitsaTokens = 99;
for (i; i < amountOfFreeMartenitsaTokens; i++) {
martenitsaToken.updateCountMartenitsaTokensOwner(address(bob), "add");
}
marketplace.collectReward();
uint256 bobHealthTokensBalance = healthToken.balanceOf(address(bob));
uint256 expectedBobHealthTokensBalance = (amountOfFreeMartenitsaTokens / martenitsaToHealthTokenRatio) * 1e18;
assert(bobHealthTokensBalance == expectedBobHealthTokensBalance);
healthToken.transfer(pan, bobHealthTokensBalance);
vm.stopPrank();
console.log("Pan HealthTokens balance ", healthToken.balanceOf(pan));
assert(healthToken.balanceOf(pan) == bobHealthTokensBalance);
}

Tools Used

Manual Review

Unit tests

Recommendations

Override the default ERC20::transfer and ERC20::transferFrom

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

ERC20 `transfer` not overriden

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.