`MartenitsaMarketplace:collectReward` in a particular scenario amountRewards can't be correct because `_collectedRewards` mapping isn't reset if users sell at least 3 martenitsa token.
Summary
MartenitsaMarketplace:collectReward in a particular scenario amountRewards can't be correct because _collectedRewards mapping isn't reset if users sell at least 3 martenitsa token during an event and rebuy 3 others later, at this time user won't be able to claim his new healthtoken.
Vulnerability Details
If a user first buys 3 martenitsa tokens, claims his healthtoken, sells his 3 martenitsa tokens during an event and later buys 3 new martenitsa tokens, he will no longer be able to claim a new health token because in MartenitsaMarketplace:collectReward line 104 of MartenitsaMarketplace contract the _collectedRewards is subtracted from the amountRewards and as mapping(address => uint256) private _collectedRewards; mapping is not reset to zero after the first 3 tokens have been sold, the amountRewards will be equal to zero instead of 1.
Impact
User won't receive his HealthToken despite having 3 new martenitsa tokens
Tools Used
Manuel review
Recommendations
Track the number of sales per user and decrement by 1 `mapping(address => uint256) private _collectedRewards; every 3 sales of martenitsa token per user.
Lead Judging Commences
Incorrect logic in collectReward
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.