Beginner FriendlyFoundryGameFi
100 EXP
View results
Submission Details
Severity: low
Invalid

health tokens are locked in MartenitsaEvent contract

Summary

health tokens are locked in MartenitsaEvent contract

Vulnerability Details

When owner starts an event in MartenitsaEvent, users who are not an producer will join this event to become an temporary producer via joining event. The condition for joining this event is to pay 1 HealthToken. So MartenitsaEvent contract will earn some profits. However, these profits cannot be withdraw because of lacking related function and will be locked in this contract forever.

function joinEvent() external {
require(block.timestamp < eventEndTime, "Event has ended");
require(!_participants[msg.sender], "You have already joined the event");
require(!isProducer[msg.sender], "Producers are not allowed to participate");
require(_healthToken.balanceOf(msg.sender) >= healthTokenRequirement, "Insufficient HealthToken balance");
_participants[msg.sender] = true;
participants.push(msg.sender);
emit ParticipantJoined(msg.sender);
(bool success) = _healthToken.transferFrom(msg.sender, address(this), healthTokenRequirement);
require(success, "The transfer is not successful");
_addProducer(msg.sender);
}

Impact

Profits in MartenitsaEvent will locked forever.

Tools Used

Manual

Recommendations

Add one withdraw() function to withdraw the related profits.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

HealthTokens in MartenitsaEvent

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.