First Flight #13: Baba Marta

First Flight #13

Beginner FriendlyFoundryGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Listing of NFT is not check in makePresent() causing the NFT not to be sold anymore

Nocturnus

Summary

Users can gift their MartenitsaTokens to each other free of charge by calling makePresent(). The only requirement is to own the token.

Vulnerability Details

Martenitsa Tokens can also be listed for sale, listMartenitsaForSale(). This function modifies Listing struck member forSale as true when it's listed and as well the seller. But the makePresent() function does not check either of these.

Impact

forSale bool and seller should be checked in the makePresent function in order to avoid makePresent to be called. Otherwise listed NFT is made present it wont be able to be sold anymore by the new owner. Because the Listing struct has seller of the previous owner.. testNCTMakePresentListedToken.
Another effect is to reduce the updateCountMartenitsaTokensOwner of the previous owner.

function testMakePresentListedToken() public listMartenitsa {

vm.startPrank(chasy);

martenitsaEvent.approve(address(marketplace), 0);

marketplace.makePresent(bob, 0); // can be makePresent to Bob even if it's listed. Bob won't be able to sell it!

vm.stopPrank();

(,,,, bool forSale) = marketplace.tokenIdToListing(0);

assertEq(forSale, true);

vm.prank(bob);

martenitsaEvent.approve(address(marketplace), 0);

//[Revert] panic: arithmetic underflow or overflow (0x11)

vm.deal(makeAddr("wallet1"), 1 wei);

vm.prank(makeAddr("wallet1"));

marketplace.buyMartenitsa{value: 1 wei}(0);

assert(martenitsaEvent.ownerOf(0) == bob);

assert(martenitsaEvent.getCountMartenitsaTokensOwner(makeAddr("wallet1")) == 0);

assert(martenitsaEvent.getCountMartenitsaTokensOwner(chasy) == 0);

assert(martenitsaEvent.getCountMartenitsaTokensOwner(bob) == 1);

}

Tools Used

foundry

Recommendations

forSale bool and seller should be checked in the makePresent function in order to avoid makePresent to be called.

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Listed MartenitsaToken can be transferred before the sale

Rewards breakdown

nSLOC

239

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.