Severity: high
Valid

Incorrect implementation in `collectReward` function

Summary

The `collectReward` function in the `MartenitsaMarketplace` contract is used by users to collect Health Tokens. Since 1 Health Token is given for 3 different Martenitsa tokens, the `_collectedRewards` mapping keeps track of the rewards a user has already collected. This mapping should be updated every time by adding the `amountRewards` variable to it, but instead it is reassigned. This arithmetic error miscalculates the rewards collected and hence sends wrong reward amounts.

Vulnerability Details: Every time new rewards are calculated, they should be added to the already rewarded amount instead of being reassigned.

```solidity
uint256 amountRewards = (count / requiredMartenitsaTokens) - _collectedRewards[msg.sender];
if (amountRewards > 0) {
    _collectedRewards[msg.sender] = amountRewards; // <--- this has to be +=
    healthToken.distributeHealthToken(msg.sender, amountRewards);
}
```

Impact: High, as it wrongly calculates the number of Health Tokens rewarded and to be rewarded.
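
An added example, not part of the original submission or the project's code: a small Python model of the `_collectedRewards` bookkeeping that replays repeated `collectReward` calls with the reassignment and with `+=`, and checks the invariant that payouts never exceed `count / 3`. The `RewardLedger` class, the `simulate` and `overpaid` helpers and the token counts are constructed for illustration, and the model assumes the caller's token count never decreases between calls.

```python
REQUIRED_MARTENITSA_TOKENS = 3  # from the page: 1 Health Token per 3 Martenitsa tokens


class RewardLedger:
    """Off-chain model of the collectReward bookkeeping (hypothetical helper)."""

    def __init__(self, fixed):
        self.fixed = fixed      # True: '+=' from the recommendation, False: '='
        self.collected = 0      # models _collectedRewards[msg.sender]
        self.distributed = 0    # Health Tokens actually sent to the user

    def collect_reward(self, count):
        amount = count // REQUIRED_MARTENITSA_TOKENS - self.collected
        if amount < 0:
            raise ValueError("model only covers a non-decreasing token count")
        if amount > 0:
            if self.fixed:
                self.collected += amount
            else:
                self.collected = amount
            self.distributed += amount
        return amount


def simulate(counts, fixed):
    """Replay one collect_reward call per entry in counts; return the payouts."""
    ledger = RewardLedger(fixed)
    return [ledger.collect_reward(c) for c in counts]


def overpaid(counts, fixed):
    """Invariant check: tokens distributed beyond count // 3 at the end."""
    entitled = max(counts) // REQUIRED_MARTENITSA_TOKENS
    return sum(simulate(counts, fixed)) - entitled


# Constructed scenario: the user holds 3 tokens, then 6, then calls twice more.
CALLS = [3, 6, 6, 6]

if __name__ == "__main__":
    for fixed in (False, True):
        label = "+=" if fixed else "= "
        print(label, simulate(CALLS, fixed), "overpaid:", overpaid(CALLS, fixed))
```
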

Tools Used

Manual review

Recommendations

Change the following line in the `collectReward` function:

- _collectedRewards[msg.sender] = amountRewards;
+ _collectedRewards[msg.sender] += amountRewards;
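
Review bot: on the `+` line, switching to `+=` makes `_collectedRewards[msg.sender]` a cumulative total equal to `count / requiredMartenitsaTokens` after each successful call, so the `uint256` subtraction `(count / requiredMartenitsaTokens) - _collectedRewards[msg.sender]` that feeds `amountRewards` needs checking for the case where the caller's `count` can later fall below that total. Consider guarding that subtraction, and add a regression test that calls `collectReward` twice with an unchanged token count and expects the second call to distribute nothing.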
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

_collectedRewards is not updated correctly
