Description: The MartenitsaToken.sol contract manages a collection of digital tokens called MartenitsaTokens. The function createMartenitsa allows only registered producers to create a new martenitsa token with a specified design. The contract also has another function, updateCountMartenitsaTokensOwner, which updates the count of martenitsa tokens owned by a specific address. However, the contract allows a malicious user to call MartenitsaToken::updateCountMartenitsaTokensOwner, and because of this the malicious user can create unlimited new martenitsa token owners without any restrictions.
Impact: A malicious user can easily create unlimited new martenitsa token owners and update the count of martenitsaTokens for a specific address.
Proof Of Concept: Paste this test into your test folder and run the test.
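
The access-control gap described above, shown next to a restricted form, as an added Solidity sketch that is not the contest's MartenitsaToken.sol and not the submitter's test. The contract name, the mapping name, the bool parameter, authorizedUpdater and both function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

/// Simplified model for illustration only; names and signatures are assumed,
/// not taken from the audited contract.
contract MartenitsaCountModel {
    // Assumed storage: number of martenitsa tokens recorded per address.
    mapping(address => uint256) public countMartenitsaTokensOwner;

    // Assumed: the one contract that legitimately adjusts counts
    // (for example, the component that handles token transfers).
    address public immutable authorizedUpdater;

    error NotAuthorized(address caller);

    constructor(address updater) {
        require(updater != address(0), "updater is zero address");
        authorizedUpdater = updater;
    }

    // Pattern described in the finding: external, no check on msg.sender,
    // so any account can change the recorded count for any address.
    function updateCountUnrestricted(address owner, bool increment) external {
        _apply(owner, increment);
    }

    // Restricted form: only the authorized contract may adjust counts.
    function updateCountRestricted(address owner, bool increment) external {
        if (msg.sender != authorizedUpdater) revert NotAuthorized(msg.sender);
        _apply(owner, increment);
    }

    function _apply(address owner, bool increment) internal {
        if (increment) {
            countMartenitsaTokensOwner[owner] += 1;
        } else {
            // Checked arithmetic in 0.8+ reverts if the count is already zero.
            countMartenitsaTokensOwner[owner] -= 1;
        }
    }
}
```

A regression test for the fix would call the restricted function from an address other than authorizedUpdater and expect the NotAuthorized revert.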