Any producer can make various accounts to vote for himself leading to winning the voting event in `MartenitsaVoting` contract
Summary
Any producer can make various accounts to vote for himself leading to winning the voting event in MartenitsaVoting contract.
Vulnerability Details
Currently in MartenitsaVoting contract's voteForMartenitsa function, anyone can vote for any producer. This no barrier to entry to participate and vote in voting event, can be used by malicious producers by creating more accounts posing as users and voting for themselves.
Impact
This vulnerability will defeat the purpose of voting in MartenitsaVoting contract. As producers will keep voting themselves by creating new account and any non-malicious users votes will have no worth/value in the voting event.
Tools Used
Manual Review
Recommendations
Restrict participation of users in the voting event. For example, only those users who have previously bought any MartenitsaTokens or currently hold atleast 1 MartenitsaToken should be able to vote. And not everyone.
This will discourage the malicious producers to make fake user accounts as they would now need to first buy MartenitsaTokens before they can participate in the voting.
Lead Judging Commences
Multiple addresses
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.