Submission Details
Severity: low
Invalid

[M-3] Sybil attack vulnerability in `MartenitsaVoting::voteForMartenitsa` function. A bad actor can manipulate the voting competition.

Description: There are no checks, access controls, or costs inside the `MartenitsaVoting::voteForMartenitsa` function that will prevent a malicious user from creating 100 wallets and voting for his own listing from all of them. The only things that this function checks are if `msg.sender` already voted, if the voting period has started, and if the Martenitsa token is listed for sale.

Impact: A malicious user can create an indefinite number of new wallets and vote for his own token in order to win the competition.

Recommended mitigation: Put additional enforcement in place, such as: only Martenitsa token holders can vote, or only health token holders can vote, etc.

Tools used: Manual review
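
A model of the checks this finding lists and of the recommended holder gate, added here as an illustration; it is not the contract's code or the submitter's. The class, field and address names are assumptions, and the voting period is modeled as a fixed window.

```python
# Constructed model of the checks the finding lists, plus the recommended
# holder gate. Not the contract's code; every name here is an assumption.
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class VotingModel:
    start: int                 # voting start (seconds)
    duration: int              # voting window length (seconds)
    listed: set                # token ids currently listed for sale
    # Optional gate: returns the caller's balance of the gating token.
    balance_of: Optional[Callable[[str], int]] = None
    has_voted: set = field(default_factory=set)
    counts: dict = field(default_factory=dict)

    def vote(self, sender: str, token_id: int, now: int) -> str:
        """Return "ok" if the vote is counted, else the rejection reason."""
        if sender in self.has_voted:
            return "already voted"
        if not (self.start <= now < self.start + self.duration):
            return "voting not active"
        if token_id not in self.listed:
            return "token not listed for sale"
        # Recommended mitigation: only holders of the gating token may vote.
        if self.balance_of is not None and self.balance_of(sender) == 0:
            return "not a token holder"
        self.has_voted.add(sender)
        self.counts[token_id] = self.counts.get(token_id, 0) + 1
        return "ok"


def accepted(model: VotingModel, voters, token_id: int, now: int) -> int:
    """Submit one vote per address; return how many were counted."""
    return sum(model.vote(v, token_id, now) == "ok" for v in voters)


# Constructed sample: 100 fresh addresses, one of which holds a token.
FRESH = [f"0xwallet{i:02d}" for i in range(100)]
HOLDINGS = {"0xwallet00": 1}


def demo():
    """Same 100 addresses against the ungated and the gated model."""
    ungated = VotingModel(start=0, duration=86400, listed={7})
    gated = VotingModel(start=0, duration=86400, listed={7},
                        balance_of=lambda a: HOLDINGS.get(a, 0))
    return accepted(ungated, FRESH, 7, now=10), accepted(gated, FRESH, 7, now=10)
```

With only the per-address checks every one of the 100 addresses is counted; with the holder gate only the single address that holds a token is.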

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Multiple addresses
