When a user transfers their token as a gift to someone, `countMartenitsaTokensOwner` is updated for both users, but a transfer made through the ERC721 transfer function makes the accounting in the `countMartenitsaTokensOwner` variable incorrect.
The vulnerability is present in the `MartenitsaToken` contract because it allows normal transfers of the token, whereas a token is required to be sent to other users only as a gift, in which case the corresponding `countMartenitsaTokensOwner` variable is updated.
A user who transfers it through the ERC721 transfer function instead causes `countMartenitsaTokensOwner` not to be updated, so it will be incorrect.
`countMartenitsaTokensOwner` will store an incorrect value.
Also consider the scenario where user A transfers their token to user B via the ERC721 transfer function: user B's `countMartenitsaTokensOwner` variable will be 0, even though they hold the token. If user B then wants to gift it to user C and transfers it via the `makePresent` function, the call will revert, as it tries to decrement the `countMartenitsaTokensOwner` for user C, and as it is already 0 they will face DoS.
Manual Review
Block the `MartenitsaToken` transfer functions that are associated with ERC721 by overriding them and reverting in the `MartenitsaToken` contract.
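The scenario and the recommended fix, as an added example that is not the project's code: `MiniERC721` is a hypothetical minimal stand-in for the ERC721 base, `CountedToken`, `GiftOnlyToken` and `mint` are hypothetical names, and `makePresent` is assumed to decrement the sender's counter and increment the recipient's.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal stand-in for the ERC721 base (not OpenZeppelin's code).
contract MiniERC721 {
    mapping(uint256 => address) internal _owners;

    function ownerOf(uint256 id) public view returns (address) {
        return _owners[id];
    }

    // Standard transfer path (approvals omitted): knows nothing about the counter.
    function transferFrom(address from, address to, uint256 id) public virtual {
        require(msg.sender == from, "not owner");
        _transfer(from, to, id);
    }

    function _transfer(address from, address to, uint256 id) internal {
        require(_owners[id] == from && to != address(0), "bad transfer");
        _owners[id] = to;
    }
}

// Vulnerable shape: the counter is only maintained on mint and in makePresent.
contract CountedToken is MiniERC721 {
    mapping(address => uint256) public countMartenitsaTokensOwner;
    uint256 private _nextId;

    function mint() external {
        _owners[_nextId++] = msg.sender;
        countMartenitsaTokensOwner[msg.sender] += 1;
    }

    // Assumed bookkeeping: sender decremented, recipient incremented.
    function makePresent(address to, uint256 id) external {
        _transfer(msg.sender, to, id);
        // Checked arithmetic (Solidity >= 0.8) reverts here when the sender
        // received the token via transferFrom and their counter is still 0.
        countMartenitsaTokensOwner[msg.sender] -= 1;
        countMartenitsaTokensOwner[to] += 1;
    }
}

// Hardened shape: the plain transfer path reverts, so makePresent is the only way to move a token.
contract GiftOnlyToken is CountedToken {
    function transferFrom(address, address, uint256) public pure override {
        revert("use makePresent");
    }
}
```

In a contract that inherits a full ERC721 implementation, the same override is needed on every public transfer entry point, including the `safeTransferFrom` variants.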