Submission Details
Severity: high
Valid

`MartenitsaToken::updateCountMartenitsaTokensOwner` allows anyone to update the count of martenitsa tokens owned by a specific address without limit.

Description: `MartenitsaToken.sol` manages a collection of digital tokens called MartenitsaTokens.
The function `createMartenitsa` allows only registered producers to create a new martenitsa token with a specified design, and the contract has a second function, `updateCountMartenitsaTokensOwner`, which updates the count of martenitsa tokens owned by a specific address. However, `MartenitsaToken::updateCountMartenitsaTokensOwner` has no access control, so a malicious user can call it directly and register unlimited new martenitsa token owners (or raise the count for any address) without any restriction.

Impact: A malicious user can easily create unlimited new martenitsa token owners and arbitrarily update the count of martenitsaTokens for any address.

Proof Of Concept: Paste this test into your test folder and run it.

function test_MartenitsaTokenAnyoneCallAndGainToken() public {
    // bob is not a registered producer, yet he can call updateCountMartenitsaTokensOwner directly
    vm.startPrank(bob);
    martenitsaToken.updateCountMartenitsaTokensOwner(bob, "add");
    martenitsaToken.updateCountMartenitsaTokensOwner(bob, "add");
    martenitsaToken.updateCountMartenitsaTokensOwner(bob, "add");
    martenitsaToken.updateCountMartenitsaTokensOwner(bob, "add");
    vm.stopPrank();
    // The countMartenitsaTokensOwner mapping now shows 4 tokens for bob, although he never received one
    console.log("count of martenitsaTokens for bob:", martenitsaToken.getCountMartenitsaTokensOwner(bob));
}
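A minimal before/after sketch of the vulnerable shape and an access-controlled fix, added here as an illustration and not taken from the audited `MartenitsaToken.sol`. Only the function name and the `"add"` operation come from the finding; the `marketplace` address, the `onlyMarketplace` modifier, the custom errors and the `"sub"` branch are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited project's code. The `marketplace`
// address, modifier, errors and "sub" branch are assumed, not from the finding.

// Vulnerable shape: no access control, so any caller can raise (or lower)
// any address's count with a loop of "add" calls, as the PoC above does.
contract MartenitsaTokenVulnerable {
    mapping(address => uint256) public countMartenitsaTokensOwner;

    function updateCountMartenitsaTokensOwner(address owner, string memory operation) external {
        if (keccak256(bytes(operation)) == keccak256("add")) {
            countMartenitsaTokensOwner[owner] += 1;
        } else if (keccak256(bytes(operation)) == keccak256("sub")) {
            countMartenitsaTokensOwner[owner] -= 1;
        } else {
            revert("Wrong operation");
        }
    }
}

// Hardened shape: the count may only be changed by one trusted contract
// (assumed here to be the marketplace that settles sales), fixed at deploy.
contract MartenitsaTokenHardened {
    address public immutable marketplace;
    mapping(address => uint256) public countMartenitsaTokensOwner;

    error NotMarketplace(address caller);
    error WrongOperation(string operation);

    constructor(address _marketplace) { marketplace = _marketplace; }

    modifier onlyMarketplace() {
        if (msg.sender != marketplace) revert NotMarketplace(msg.sender);
        _;
    }

    function updateCountMartenitsaTokensOwner(address owner, string memory operation) external onlyMarketplace {
        bytes32 op = keccak256(bytes(operation));
        if (op == keccak256("add")) {
            countMartenitsaTokensOwner[owner] += 1;
        } else if (op == keccak256("sub")) {
            countMartenitsaTokensOwner[owner] -= 1;
        } else {
            revert WrongOperation(operation);
        }
    }
}
```

With the hardened version, the PoC's direct calls from `bob` revert with `NotMarketplace(bob)`, which a Foundry test can assert with `vm.expectRevert`.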
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing access control
