Submission Details
Severity: low
Invalid

In the `MartenitsaVoting::announceWinner` function, the reward is sent to the address that listed the token, which can lead to the reward being sent to an address that is not the current owner of the token.

Summary

The winner of the voting is the address that listed the token. This can lead to the reward being sent to an address that is not the current owner of the winning token, which may not be the desired behavior.

Vulnerability Details

A user can list a token and then transfer it to another address. If that token wins, the reward is sent to the address that listed the token, which may not always be the address that currently owns it.

```solidity
function announceWinner() external onlyOwner {
    require(block.timestamp >= startVoteTime + duration, "The voting is active");
    uint256 winnerTokenId;
    uint256 maxVotes = 0;
    for (uint256 i = 0; i < _tokenIds.length; i++) {
        if (voteCounts[_tokenIds[i]] > maxVotes) {
            maxVotes = voteCounts[_tokenIds[i]];
            winnerTokenId = _tokenIds[i];
        }
    }
    list = _martenitsaMarketplace.getListing(winnerTokenId);
@>  _healthToken.distributeHealthToken(list.seller, 1);
    emit WinnerAnnounced(winnerTokenId, list.seller);
}
```

Impact

The reward can potentially be sent to the wrong address.

Proof of Concept

  1. User1 lists a token on the marketplace.

  2. The token acquires a high number of votes.

  3. User1 sells the token to User2 on an NFT marketplace; the token is still listed.

  4. The winner is announced and the reward is sent to User1, while User2 is the current owner.

Tools Used

Manual review

Recommendations

The suggestion is to send the reward to the current owner of the token and not to the address that listed the token on the marketplace.
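The recommendation above as an added sketch; this is not code from the contest repository. `WinnerPayout`, `IOwnerOf`, `IRewardToken`, `payWinner` and `payeeIsStale` are hypothetical names, and the `distributeHealthToken(address, uint256)` signature is assumed from the call in the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not the project's contracts.

/// The one ERC-721 call needed here: who holds the token right now.
interface IOwnerOf {
    function ownerOf(uint256 tokenId) external view returns (address);
}

/// Reward token slice; signature assumed from the call shown in the finding.
interface IRewardToken {
    function distributeHealthToken(address to, uint256 amount) external;
}

contract WinnerPayout {
    IOwnerOf public immutable nft;
    IRewardToken public immutable reward;
    address public immutable admin;

    event WinnerPaid(uint256 indexed tokenId, address indexed paidTo, address indexed listedBy);

    constructor(IOwnerOf nft_, IRewardToken reward_) {
        nft = nft_;
        reward = reward_;
        admin = msg.sender;
    }

    /// True when the seller recorded in a listing no longer holds the token.
    /// Useful for off-chain monitoring before a winner is announced.
    function payeeIsStale(uint256 tokenId, address listedBy) external view returns (bool) {
        return nft.ownerOf(tokenId) != listedBy;
    }

    /// Pays the holder at announcement time. `listedBy` (the listing's seller)
    /// is logged for auditing but is never used as the payee.
    function payWinner(uint256 tokenId, address listedBy) external {
        require(msg.sender == admin, "not admin");
        // Standard ERC-721 ownerOf reverts for nonexistent tokens,
        // so a burned winner cannot be paid out by mistake.
        address currentOwner = nft.ownerOf(tokenId);
        reward.distributeHealthToken(currentOwner, 1);
        emit WinnerPaid(tokenId, currentOwner, listedBy);
    }
}
```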

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
mirkopezo Submitter
over 1 year ago
bube Lead Judge
over 1 year ago
bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
