The Baba Marta protocol allows users to vote for different Martenitsa designs. The voteForMartenitsa function uses the hasVoted mapping to record each address that has voted. However, it doesn't check which tokenId the user voted for.
Let's imagine Alice votes for Martenitsa #1. A day later, the voting is over and a new voting has started. She now wants to vote for another Martenitsa (#2). The check
require(!hasVoted[msg.sender], "You have already voted");
will never pass, since her address is already in the mapping.
Manual review
hasVoted is never set to false once the voting for the specific Martenitsa is over. Use a different approach to check whether the user has voted for the current token.
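One possible shape for that different approach, as an added example that is not the protocol's code: the voted flag is keyed by a voting round, so starting a new voting needs no reset of old entries. The round counter, startVoting, DURATION, owner, hasVotedInRound, voteCount and the "Unscoped" function name are assumptions made for illustration; only voteForMartenitsa, hasVoted and the require message come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Baba Marta contract. Only voteForMartenitsa,
// hasVoted and the "You have already voted" check come from the finding;
// every other name here is hypothetical.
contract RoundScopedVoting {
    address public immutable owner;
    uint256 public constant DURATION = 1 days; // assumed round length
    uint256 public votingRound;                // hypothetical round counter
    uint256 public roundEnd;                   // end timestamp of the current round

    // Pattern from the finding: one flag per address, never cleared.
    mapping(address => bool) public hasVoted;
    // Round-scoped flag: a new round starts with no recorded voters.
    mapping(uint256 => mapping(address => bool)) public hasVotedInRound;
    // round => tokenId => number of votes
    mapping(uint256 => mapping(uint256 => uint256)) public voteCount;

    constructor() {
        owner = msg.sender;
    }

    function startVoting() external {
        require(msg.sender == owner, "Not owner");
        require(block.timestamp >= roundEnd, "Voting still active");
        votingRound += 1;
        roundEnd = block.timestamp + DURATION;
    }

    // Before: Alice's flag from round 1 blocks her in every later round.
    function voteForMartenitsaUnscoped(uint256 tokenId) external {
        require(block.timestamp < roundEnd, "Voting is not active");
        require(!hasVoted[msg.sender], "You have already voted");
        hasVoted[msg.sender] = true;
        voteCount[votingRound][tokenId] += 1;
    }

    // After: one vote per address per round, with no state to reset.
    function voteForMartenitsa(uint256 tokenId) external {
        require(block.timestamp < roundEnd, "Voting is not active");
        require(!hasVotedInRound[votingRound][msg.sender], "You have already voted");
        hasVotedInRound[votingRound][msg.sender] = true;
        voteCount[votingRound][tokenId] += 1;
    }
}
```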