Access control issue in the updateCountMartenitsaTokensOwner() function: anyone can update the MartenitsaToken count of any address.
The countMartenitsaTokensOwner[] mapping should only be updated when a producer creates a MartenitsaToken, when a user buys a MartenitsaToken, or when a user makes a present. However, the updateCountMartenitsaTokensOwner(address owner, string memory operation) function is externally callable and has no access control, so anyone outside the contract can update countMartenitsaTokensOwner[owner] for any owner and in either direction.
Anyone can collect more healthTokens than they are entitled to by inflating their own countMartenitsaTokensOwner, passing their own address as the owner argument. getCountMartenitsaTokensOwner then returns a wrong value, and collectRewards() sends the attacker more healthTokens than it should. The same call can also decrement another user's count.
Tools used: manual analysis.
Recommendation: in MartenitsaToken, import the marketplace contract:
import {MartenitsaMarketplace} from "./MartenitsaMarketplace.sol";
and add this line as a state variable:
MartenitsaMarketplace private _martenitsaMarketplace;
so that updateCountMartenitsaTokensOwner can be restricted to calls coming from the marketplace.
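The following is an added illustration of the gap and of the recommended fix; it is not code from the Baba Marta repository. Only the pieces of MartenitsaToken needed to show the access-control problem are sketched, and the "add"/"sub" operation strings, the setMarketAddress() setter, the single-deployer setup and the marketplace's makePresent() entry point are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this finding, not code from the contest repository.
// Assumptions: "add"/"sub" operation strings, a one-time setMarketAddress()
// setter controlled by the deployer, and a marketplace with a makePresent()
// entry point. Only what is needed to show the access-control gap is sketched.

/// @dev Shape of the vulnerable contract: the counter update is public and
///      trusts the caller-supplied `owner`, so msg.sender is never checked.
contract MartenitsaTokenVulnerable {
    mapping(address => uint256) public countMartenitsaTokensOwner;

    function updateCountMartenitsaTokensOwner(address owner, string memory operation) external {
        bytes32 op = keccak256(bytes(operation));
        if (op == keccak256("add")) {
            countMartenitsaTokensOwner[owner] += 1;   // attacker passes own address, any number of times
        } else if (op == keccak256("sub")) {
            countMartenitsaTokensOwner[owner] -= 1;   // or decrements a victim's count
        } else {
            revert("Wrong operation");
        }
    }
}

/// @dev Hardened shape following the recommendation: the counter can only be
///      moved by the contract stored in `_martenitsaMarketplace`.
contract MartenitsaTokenFixed {
    mapping(address => uint256) public countMartenitsaTokensOwner;

    address private immutable _deployer;
    MartenitsaMarketplace private _martenitsaMarketplace;

    error NotDeployer(address caller);
    error NotMarketplace(address caller);
    error MarketplaceAlreadySet();

    constructor() {
        _deployer = msg.sender;
    }

    /// One-time wiring done by the deployer once both contracts exist
    /// (assumed setup: token and marketplace reference each other).
    function setMarketAddress(MartenitsaMarketplace marketplace) external {
        if (msg.sender != _deployer) revert NotDeployer(msg.sender);
        if (address(_martenitsaMarketplace) != address(0)) revert MarketplaceAlreadySet();
        _martenitsaMarketplace = marketplace;
    }

    /// Rejects every caller except the marketplace, including before wiring
    /// (address(0) can never be msg.sender).
    modifier onlyMarketplace() {
        if (msg.sender != address(_martenitsaMarketplace)) revert NotMarketplace(msg.sender);
        _;
    }

    function updateCountMartenitsaTokensOwner(address owner, string memory operation)
        external
        onlyMarketplace
    {
        bytes32 op = keccak256(bytes(operation));
        if (op == keccak256("add")) {
            countMartenitsaTokensOwner[owner] += 1;
        } else if (op == keccak256("sub")) {
            countMartenitsaTokensOwner[owner] -= 1;   // checked arithmetic reverts on underflow
        } else {
            revert("Wrong operation");
        }
    }

    function getCountMartenitsaTokensOwner(address owner) external view returns (uint256) {
        return countMartenitsaTokensOwner[owner];
    }
}

/// @dev Minimal stand-in for the marketplace, the only authorised caller.
///      The real contract also handles producer listings and purchases.
contract MartenitsaMarketplace {
    MartenitsaTokenFixed public immutable token;

    constructor(MartenitsaTokenFixed token_) {
        token = token_;
    }

    /// Hypothetical present flow: the sender gives one of their own tokens to
    /// `to`. The sender can only move a count they actually hold, because the
    /// "sub" on their own address reverts at zero.
    function makePresent(address to) external {
        token.updateCountMartenitsaTokensOwner(msg.sender, "sub");
        token.updateCountMartenitsaTokensOwner(to, "add");
    }
}
```

Against MartenitsaTokenVulnerable the attack is a loop of updateCountMartenitsaTokensOwner(attacker, "add") from any EOA, followed by collectRewards(). Against MartenitsaTokenFixed the same call reverts with NotMarketplace(attacker); the only way to change a count is through the marketplace's own buy/present paths, which is the invariant the finding asks for. Deploy the token first, then the marketplace with the token address, then call setMarketAddress() once.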