Submission Details
Severity: high
Invalid

A user who has already voted will never be able to vote again in `MartenitsaVoting::voteForMartenitsa`

Summary

Baba Marta protocol allows users to vote for different Martenitsa designs.

Vulnerability Details

The `voteForMartenitsa` function uses the `hasVoted` mapping to record each address that has voted. However, it doesn't check which `tokenId` the user voted for.

```solidity
function voteForMartenitsa(uint256 tokenId) external {
    require(!hasVoted[msg.sender], "You have already voted");
    require(block.timestamp < startVoteTime + duration, "The voting is no longer active");
    list = _martenitsaMarketplace.getListing(tokenId);
    require(list.forSale, "You are unable to vote for this martenitsa");
    hasVoted[msg.sender] = true;
    voteCounts[tokenId] += 1;
    _tokenIds.push(tokenId);
}
```

Impact

Let's imagine Alice votes for Martenitsa #1. A day after, the voting is over and a new voting is started. She now wants to vote for another Martenitsa (#2).
`require(!hasVoted[msg.sender], "You have already voted");` will never pass since her address is already in the mapping.

Tools Used

Manual review

Recommendations

`hasVoted` is never set to false once the voting for the specific Martenitsa is over. Use a different approach to check if the user has voted for the current token.
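One possible shape for such an approach, as an added example that is not the Baba Marta contract or the submitter's code: the vote record is keyed by a voting round, so an address that voted in one round can vote once more in the next. The contract name, `votingRound`, `hasVotedInRound`, the owner-only `startVoting`, the one-day `duration` and the compiler version are assumptions; the marketplace `forSale` check is left out to keep the block self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: one vote per address per round instead of one vote forever.
contract RoundScopedVoting {
    address public immutable owner;
    uint256 public votingRound;        // hypothetical counter, 0 means no round started yet
    uint256 public startVoteTime;
    uint256 public duration = 1 days;  // assumed value

    // round => voter => has voted in that round
    mapping(uint256 => mapping(address => bool)) public hasVotedInRound;
    // round => tokenId => number of votes
    mapping(uint256 => mapping(uint256 => uint256)) public voteCounts;

    constructor() {
        owner = msg.sender;
    }

    /// Opens a new round; earlier rounds keep their own vote records.
    function startVoting() external {
        require(msg.sender == owner, "Only owner");
        require(
            votingRound == 0 || block.timestamp >= startVoteTime + duration,
            "Round still active"
        );
        votingRound += 1;
        startVoteTime = block.timestamp;
    }

    function voteForMartenitsa(uint256 tokenId) external {
        require(votingRound != 0, "Voting has not started");
        require(block.timestamp < startVoteTime + duration, "The voting is no longer active");
        // Checked against the current round only, so a vote cast in an
        // earlier round does not block the caller here.
        require(!hasVotedInRound[votingRound][msg.sender], "You have already voted");
        // The marketplace forSale check from the original function is omitted.
        hasVotedInRound[votingRound][msg.sender] = true;
        voteCounts[votingRound][tokenId] += 1;
    }
}
```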

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
