Duplicate `tokenId` will be added in `_tokenIds` array variable leading to DOS
Summary
Duplicate tokenId will be added in _tokenIds array variable leading to DOS
Vulnerability Details
Every time a user votes using voteForMartenitsa function, _tokenIds array length is increased even if the tokenId is same or already present in the array. This result in, a tokenId always being added to the _tokenId array and increasing the length continuously till the end of the voting event.
Impact
The _tokenIds array variable will become very large if there are thousands of users voting for producers as every vote by a user is added in the _tokenIds array and increasing it's length. As the duration of the voting event is 1 day, this duration is more than enough to increase the array length such that when owner uses announceWinner function to end the event and announce the winner, the function leads to DOS. Owner will not be able to announce the winner or even use the announceWinner function, making the voting event redundant.
Tools Used
Manual Review
Recommendations
Add a if statement which will check for the already present tokenId in _tokenIds array. This will limit the array length to the actual number of participants.
Lead Judging Commences
Unbounded arrays
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.