Submission Details
Severity: medium
Valid

[H-02] Token transfers via the MartenitsaToken transfer functions do not update countMartenitsaTokensOwner, allowing reward manipulation

Description:
When users transfer tokens to each other, countMartenitsaTokensOwner is not updated accordingly, which leads to misleading counts and incorrect reward collection.
Impact:
This affects the MartenitsaMarketplace::collectReward function. When users transfer tokens, the original buyer's count stays set, so the original buyer can collect rewards instead of the new owner.

Proof of Concept:

Proof Of Code

Place the following test into MartenitsaMarketplace.t.sol.

```solidity
function testTransferFromNotUpdatingCounts() public listMartenitsa {
    vm.prank(chasy);
    martenitsaToken.approve(address(marketplace), 0);

    // bob buys token 0 through the marketplace
    vm.prank(bob);
    marketplace.buyMartenitsa{value: 1 wei}(0);

    uint256 countBobBefore = martenitsaToken.getCountMartenitsaTokensOwner(bob);
    uint256 countJackBefore = martenitsaToken.getCountMartenitsaTokensOwner(jack);
    assertEq(countBobBefore, 1);
    assertEq(countJackBefore, 0);

    // bob transfers token 0 directly to jack
    vm.prank(bob);
    martenitsaToken.safeTransferFrom(bob, jack, 0);

    uint256 countBobAfter = martenitsaToken.getCountMartenitsaTokensOwner(bob);
    uint256 countJackAfter = martenitsaToken.getCountMartenitsaTokensOwner(jack);

    // The counts are stale: bob still has 1 and jack still has 0 after the transfer
    assertEq(countBobAfter, 1);
    assertEq(countJackAfter, 0);
}
```

Recommended Mitigation:
Override the _update function and add logic there to update countMartenitsaTokensOwner.
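One way to implement the recommended override, as an added sketch that is not the project's own code. It assumes OpenZeppelin Contracts v5, where _update is the single hook that mint, burn, transferFrom and safeTransferFrom all pass through; the contract name, token name and symbol, the mint helper and the private mapping layout are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical stand-in for MartenitsaToken: only the pieces named in the
// finding are modelled here.
contract MartenitsaTokenSketch is ERC721 {
    // Assumed layout: per-owner token count that the reward logic reads.
    mapping(address => uint256) private countMartenitsaTokensOwner;

    // Placeholder name and symbol.
    constructor() ERC721("MartenitsaSketch", "MSK") {}

    // Hypothetical mint helper so the sketch can be exercised in a test.
    function mint(address to, uint256 tokenId) external {
        _mint(to, tokenId);
    }

    function getCountMartenitsaTokensOwner(address owner) external view returns (uint256) {
        return countMartenitsaTokensOwner[owner];
    }

    // Keeps the counter in step with ownership for every state change.
    function _update(address to, uint256 tokenId, address auth)
        internal
        override
        returns (address from)
    {
        // super._update performs the authorization check and the ownership
        // change, and returns the previous owner (address(0) on mint).
        from = super._update(to, tokenId, auth);

        // A self-transfer changes nothing, so leave the counter alone.
        if (from == to) return from;

        // Skip the zero address: no sender on mint, no receiver on burn.
        if (from != address(0)) countMartenitsaTokensOwner[from] -= 1;
        if (to != address(0)) countMartenitsaTokensOwner[to] += 1;
    }
}
```

If the real token or marketplace already adjusts the counter by hand on mint or purchase, those adjustments have to be removed once the hook does the bookkeeping, otherwise each change is counted twice. With the hook in place, the proof-of-code test above would need its final assertions changed to expect 0 for bob and 1 for jack.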

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

ERC721 `transferFrom` not overriden
