Severity: medium
Valid

Non-functional isProducer in MartenitsaEvent

Summary

In MartenitsaEvent, users can join an event to get temporary producer permission in the MartenitsaToken contract. However, isProducer in MartenitsaToken is not modified after a user joins an event.

Vulnerability Details

According to the documentation and the BaseTest.t.sol file, MartenitsaToken and MartenitsaEvent are two separate smart contracts. MartenitsaToken mints and transfers the NFT tokens and also sets producers. When users join an event in MartenitsaEvent, MartenitsaEvent is supposed to update MartenitsaToken's isProducer variable, so that users get temporary producer permission. However, in the current implementation, MartenitsaEvent updates its own isProducer, not MartenitsaToken's isProducer.

PoC

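    function testInheritJoinEvent() public activeEvent eligibleForReward {
        // bob collects his HealthToken reward and spends it to join the event
        vm.startPrank(bob);
        marketplace.collectReward();
        healthToken.approve(address(martenitsaEvent), 10 ** 18);
        martenitsaEvent.joinEvent();
        vm.stopPrank();
        // Joining succeeds: the fee moved to the event contract and bob is a participant
        assert(healthToken.balanceOf(bob) == 0);
        assert(healthToken.balanceOf(address(martenitsaEvent)) == 10 ** 18);
        assert(martenitsaEvent.getParticipant(bob) == true);
        // Logs false: the producer flag in MartenitsaToken was never set
        console.log(martenitsaToken.isProducer(bob));
    }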

The test result shows that bob does not become a producer in martenitsaToken.

Impact

Users who join an event do not become actual producers and cannot create NFTs in the martenitsaToken contract.

Tools Used

Manual & Foundry

Recommendations

When a user joins the event, the MartenitsaEvent contract should update the MartenitsaToken contract's isProducer.
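
One way to implement this recommendation, as an added sketch that is not code from the audited project: the event contract holds a reference to the deployed token and writes the producer flag there through a setter that only the event contract may call. The names TokenSketch, EventSketch, setEventContract and setProducerFromEvent are hypothetical, and the HealthToken payment and event timing checks are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Simplified stand-in for MartenitsaToken: only the producer registry is modelled.
contract TokenSketch {
    address public immutable owner;
    address public eventContract; // hypothetical: the only contract allowed to grant temporary producers
    mapping(address => bool) public isProducer;

    constructor() {
        owner = msg.sender;
    }

    // Hypothetical one-time wiring step, run by the owner after both contracts are deployed.
    function setEventContract(address eventContract_) external {
        require(msg.sender == owner, "not owner");
        require(eventContract == address(0), "already set");
        eventContract = eventContract_;
    }

    // Hypothetical setter: rejects every caller except the registered event contract,
    // so joining an event is the only new path to producer status.
    function setProducerFromEvent(address user, bool status) external {
        require(msg.sender == eventContract, "not event contract");
        isProducer[user] = status;
    }
}

// Simplified stand-in for MartenitsaEvent.
contract EventSketch {
    TokenSketch public immutable token;
    mapping(address => bool) public participants;

    constructor(TokenSketch token_) {
        token = token_;
    }

    function joinEvent() external {
        require(!participants[msg.sender], "already joined");
        participants[msg.sender] = true;
        // Write to the token's storage, not to a mapping held by this contract:
        // the token's producer checks read its own isProducer.
        token.setProducerFromEvent(msg.sender, true);
    }
}
```

With this wiring, the PoC's final call to martenitsaToken.isProducer(bob) can be turned into an assertion that it returns true after joinEvent, which makes the test a regression check for the fix.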

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

MartenitsaToken and MartenitsaEvent have different addresses
