There is a Denial Of Service after buying the winner Martenitsa token.
A malicious actor can:
1. Wait for the vote to end.
2. Buy the winner token before announceWinner() is executed.
Note that a token must be for sale to be eligible to enter a vote.
In MartenitsaVoting.sol, when announceWinner() is called, it gets the listing of winnerTokenId. getListing() requires the token to be for sale. If a malicious actor buys the token before announceWinner() is called, the purchase sets listing.forSale to false, which makes getListing() fail and causes a denial of service.
This prevents the winner from getting the reward.
Manual review.
Consider adding logic to prevent the winning token from being purchased until announceWinner() has been executed.
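The state interaction behind this finding and one form of the recommended lock, as an added example that is not the project's code. MarketplaceModel, list(), buy(), voteEnd, winnerAnnounced and lockDuringTally are hypothetical names, announceWinner() takes the winning id as a parameter for brevity, and the lock blocks all purchases between the end of voting and the announcement rather than only the winning token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified, hypothetical model of the marketplace/voting interaction (assumption, not project code).
contract MarketplaceModel {
    struct Listing { address seller; uint256 price; bool forSale; }

    mapping(uint256 => Listing) public listings;
    uint256 public voteEnd;        // assumed: timestamp at which voting closes
    bool public winnerAnnounced;
    bool public lockDuringTally;   // false = behaviour in the finding, true = mitigation

    constructor(uint256 duration, bool lock) {
        voteEnd = block.timestamp + duration;
        lockDuringTally = lock;
    }

    function list(uint256 tokenId, uint256 price) external {
        listings[tokenId] = Listing(msg.sender, price, true);
    }

    // Mirrors the requirement described in the finding: reverts unless the token is for sale.
    function getListing(uint256 tokenId) public view returns (Listing memory) {
        require(listings[tokenId].forSale, "Token is not listed for sale");
        return listings[tokenId];
    }

    function buy(uint256 tokenId) external payable {
        Listing storage l = listings[tokenId];
        require(l.forSale, "not for sale");
        require(msg.value == l.price, "wrong price");
        // Mitigation: no purchases between the end of voting and announceWinner().
        if (lockDuringTally) {
            require(block.timestamp < voteEnd || winnerAnnounced, "sales locked until winner announced");
        }
        l.forSale = false; // the state change that later makes getListing() revert
        payable(l.seller).transfer(msg.value);
    }

    function announceWinner(uint256 winnerTokenId) external returns (address winner) {
        require(block.timestamp >= voteEnd, "voting still active");
        require(!winnerAnnounced, "already announced");
        // With lockDuringTally == false, a purchase made after voteEnd makes this call revert.
        winner = getListing(winnerTokenId).seller;
        winnerAnnounced = true;
    }
}
```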