First Flight #13: Baba Marta

First Flight #13

Beginner FriendlyFoundryGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

`MartenitsaToken:updateCountMartenitsaTokensOwner` user can update the count of martenitsaTokens without any restrictions

vesper

Summary

In MartenitsaToken:updateCountMartenitsaTokensOwner users can update the count of martenitsaTokens without any restrictions. Then they will be able to collect as many HealthTokens as they want.

Vulnerability Details

By updating the count of martenitsaTokens without any restriction users will be able to mint HealthToken indefinitely.

Update count of martenitsaTokens with MartenitsaToken:updateCountMartenitsaTokensOwner
Collect the number of HealthTokens in proportion to the number of (fake) tokens you have (1 HealthToken for 3 fake MartenitsaTokens) by calling MartenitsaMarketplace:collectReward.

In this test we will collect 3 HealthToken while we don't have any martinetsaToken.

function testVulnCollectReward() public {

vm.startPrank(bob);

martenitsaToken.updateCountMartenitsaTokensOwner(bob, "add");

marketplace.collectReward();

assert(healthToken.balanceOf(bob) == 3 * 10 ** 18);

vm.stopPrank();

}

Impact

HealthToken can be minted and user can participate to an event without owning any martenitsaToken

Tools Used

Manuel review

Recommendations

MartenitsaToken:updateCountMartenitsaTokensOwner must be only called by MartenitsaMarketplace contract using internal visibility specifier instead of external. Therefore you will have to refactor correctly MartenitsaMarketplace contract.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Missing access control

Rewards breakdown

nSLOC

239

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.