Submission Details
Severity: high
Valid

`amountRewards` variable rewrites itself every time `collectReward` function is used, which leads to gaining more HealthTokens

Summary

The amountRewards variable rewrites itself every time the collectReward function is used, which leads to gaining more HealthTokens.

Vulnerability Details

In the MartenitsaMarketplace::collectReward function, after amountRewards is calculated, it is not added to the _collectedRewards variable. Instead, _collectedRewards is overwritten with the current amountRewards, and the current amountRewards alone does not account for all the rewards the user has previously collected.

Thus, only the immediately preceding amountRewards is deducted every time a user calls collectReward to collect HealthTokens, which lets the user gain many more HealthTokens than intended.
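
The accounting described above can be modelled outside the contract to compare the overwrite with the accumulation. This is an added example in Python, not code from the audited project; it assumes amountRewards is the user's entitlement minus `_collectedRewards[user]`, and the threshold `REQUIRED`, the class and function names, and the sample balances are all constructed for illustration.

```python
# Added model of the accounting described above; not the contract's own code.
# Assumptions: one reward per REQUIRED tokens held, and amountRewards is the
# entitlement minus _collectedRewards[user] (the report implies this subtraction).
REQUIRED = 3  # assumed threshold, constructed for this example


class RewardLedger:
    def __init__(self, accumulate):
        self.accumulate = accumulate   # True models `+=`, False models `=`
        self.collected = {}            # models _collectedRewards
        self.minted = {}               # HealthTokens actually paid out

    def collect_reward(self, user, token_count):
        entitlement = token_count // REQUIRED
        amount = entitlement - self.collected.get(user, 0)
        if amount <= 0:
            return 0
        if self.accumulate:
            self.collected[user] = self.collected.get(user, 0) + amount
        else:
            self.collected[user] = amount   # overwrite forgets earlier claims
        self.minted[user] = self.minted.get(user, 0) + amount
        return amount


def run_scenario(accumulate, balances):
    """Call collect_reward once per balance; return (payouts, total, entitlement)."""
    ledger = RewardLedger(accumulate)
    payouts = [ledger.collect_reward("alice", b) for b in balances]
    return payouts, ledger.minted.get("alice", 0), max(balances) // REQUIRED


def invariant_holds(accumulate, balances):
    """Total paid out must never exceed what the highest balance entitles."""
    _, total, entitlement = run_scenario(accumulate, balances)
    return total <= entitlement


# Constructed input: balance 9, then 12, then three more calls with no change.
BALANCES = [9, 12, 12, 12, 12]

if __name__ == "__main__":
    for mode in (False, True):
        print("+=" if mode else "= ", run_scenario(mode, BALANCES))
```

The same invariant (total HealthTokens paid out never exceeds the entitlement) is the property a regression test for the contract should assert after repeated collectReward calls.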

Impact

Users will be able to obtain more HealthTokens than intended by the protocol.

Tools Used

Manual Review

Recommendations

Change the assignment in the MartenitsaMarketplace::collectReward function:

- _collectedRewards[msg.sender] = amountRewards;
+ _collectedRewards[msg.sender] += amountRewards;
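
Review bot: the `+=` on the added line is only correct if `amountRewards` at this point is already net of `_collectedRewards[msg.sender]`, and the hunk shows neither that calculation nor where this write sits relative to the token distribution. Include the surrounding lines in the recommendation so the subtraction and the ordering can be checked, keep the state update before the HealthToken transfer, and add a Foundry test that calls `collectReward` repeatedly with an unchanged balance and asserts that nothing further is paid out after the first call.
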
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

_collectedRewards is not updated correctly
