Submission Details
Severity: high
Valid

Any user can update anyone's `countMartenitsaTokensOwner` variable, which leads to obtaining more HealthTokens than intended

Summary

There is no check restricting changes to the `countMartenitsaTokensOwner` variable to the owner of the `MartenitsaToken` contract. As a result, any user can change the variable, making it possible to obtain more HealthTokens than the protocol intends.

Vulnerability Details

The `MartenitsaToken::updateCountMartenitsaTokensOwner` function performs no caller check, so any user can call it and change the `countMartenitsaTokensOwner` variable. A malicious actor can use this function to increase or decrease `countMartenitsaTokensOwner` for any address.

Impact

A malicious user or producer can:

  1. Increase their own `countMartenitsaTokensOwner` value to gain more HealthTokens than they are entitled to.

  2. Decrease anyone else's `countMartenitsaTokensOwner` value so that the victim is unable to claim HealthTokens even though they hold sufficient MartenitsaTokens.

Tools Used

Manual Review

Recommendations

Add the `onlyOwner` modifier to `MartenitsaToken::updateCountMartenitsaTokensOwner` so that only the owner of the contract can call it.
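The vulnerable shape of the function beside its restricted form, with a Foundry test showing the unauthorized call now reverts. This is an added illustration, not the protocol's own code: only the function and variable names come from the finding; the mapping type, the `add` parameter, the inline owner check (OpenZeppelin's `Ownable` would be the usual choice) and the forge-std import are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed dependency: forge-std (only needed for the test contract below).
import {Test} from "forge-std/Test.sol";

// Illustrative contract, not the audited MartenitsaToken. The mapping type and
// the `add` flag are assumptions made for this example.
contract MartenitsaTokenExample {
    address public owner;
    // Per-address count that HealthToken claims are based on (assumed type).
    mapping(address => uint256) public countMartenitsaTokensOwner;

    error NotOwner(address caller);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() { owner = msg.sender; }

    // VULNERABLE, as described in the finding: no caller check, so anyone can
    // raise their own count or lower someone else's.
    function updateCountMartenitsaTokensOwner_vulnerable(address account, bool add) external {
        if (add) countMartenitsaTokensOwner[account] += 1;
        else countMartenitsaTokensOwner[account] -= 1;
    }

    // FIXED: onlyOwner reverts for every caller except the contract owner
    // before any state is touched.
    function updateCountMartenitsaTokensOwner(address account, bool add) external onlyOwner {
        if (add) countMartenitsaTokensOwner[account] += 1;
        else countMartenitsaTokensOwner[account] -= 1;
    }
}

// Foundry test: a non-owner cannot inflate their own count through the fixed function.
contract MissingAccessControlTest is Test {
    MartenitsaTokenExample token;
    address attacker = makeAddr("attacker"); // constructed test address

    function setUp() public { token = new MartenitsaTokenExample(); }

    function testNonOwnerCannotUpdateCount() public {
        vm.prank(attacker);
        vm.expectRevert(abi.encodeWithSelector(MartenitsaTokenExample.NotOwner.selector, attacker));
        token.updateCountMartenitsaTokensOwner(attacker, true);
        assertEq(token.countMartenitsaTokensOwner(attacker), 0);
    }
}
```

Running the same test against the `_vulnerable` variant would pass the call and leave the attacker's count at 1, which is the behaviour this finding reports.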

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing access control
