Severity: low
Invalid

Risk of underflow in `MartenitsaMarketplace::collectReward()`

Summary

`collectReward` computes the reward owed to users who are eligible for one. However, an underflow is possible in that computation.

Vulnerability Details

The line `uint256 amountRewards = (count / requiredMartenitsaTokens) - _collectedRewards[msg.sender];` performs the subtraction without any check that would prevent an overflow/underflow.

Impact

Division: the line `uint256 amountRewards = (count / requiredMartenitsaTokens) - _collectedRewards[msg.sender];` divides to compute the number of rewards to distribute. If `count` is less than `requiredMartenitsaTokens`, the result of the division is zero.

Subtraction: `_collectedRewards[msg.sender]` is then subtracted from that result. If `_collectedRewards[msg.sender]` is greater than the division result, the subtraction could produce a negative value, which is likely not the intended behavior.

To fix this, ensure that the division result is at least as large as `_collectedRewards[msg.sender]` before subtracting.

Tools Used

Manual review

Recommendations

Use OpenZeppelin SafeMath or add the following checks:

```diff
function collectReward() external {
    require(!martenitsaToken.isProducer(msg.sender), "You are a producer and not eligible for a reward!");
    uint256 count = martenitsaToken.getCountMartenitsaTokensOwner(msg.sender);
    uint256 amountRewards = (count / requiredMartenitsaTokens);
+   require(amountRewards > _collectedRewards[msg.sender], "No new rewards to collect");
    amountRewards -= _collectedRewards[msg.sender];
+   _collectedRewards[msg.sender] += amountRewards;
    healthToken.distributeHealthToken(msg.sender, amountRewards);
}
```

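As an added illustration (not the project's code and not part of the original submission), a hypothetical stand-in contract keeps only the reward arithmetic, and a Foundry test exercises both the unguarded line from the finding and the guarded form from the recommendation. It assumes the project compiles with Solidity 0.8 or later, where checked arithmetic reverts with Panic(0x11) on underflow rather than yielding a negative value, and it sets the token count directly instead of reading it from MartenitsaToken.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test, stdError} from "forge-std/Test.sol";

/// Hypothetical stand-in for the marketplace reward math (not the project's contract).
/// The owner's token count is set directly rather than queried from MartenitsaToken.
contract RewardMath {
    uint256 public constant requiredMartenitsaTokens = 3;
    mapping(address => uint256) public count;      // tokens held per user
    mapping(address => uint256) public collected;  // rewards already paid out

    function setCount(address user, uint256 c) external { count[user] = c; }

    // Mirrors the line from the finding: subtraction with no guard.
    // With 0.8 checked arithmetic this reverts with Panic(0x11) whenever
    // collected[user] > count[user] / required; it cannot go negative.
    function rewardsUnchecked(address user) external returns (uint256 amount) {
        amount = (count[user] / requiredMartenitsaTokens) - collected[user];
        collected[user] += amount;
    }

    // Guarded form from the Recommendations section: check before subtracting.
    function rewardsGuarded(address user) external returns (uint256 amount) {
        amount = count[user] / requiredMartenitsaTokens;
        require(amount > collected[user], "No new rewards to collect");
        amount -= collected[user];
        collected[user] += amount;
    }
}

contract RewardMathTest is Test {
    RewardMath m = new RewardMath();
    address alice = address(0xA11CE);  // constructed test address

    function testUnderflowRevertsWithPanic() public {
        m.setCount(alice, 9);                       // 9 / 3 = 3 rewards
        assertEq(m.rewardsUnchecked(alice), 3);
        m.setCount(alice, 2);                       // 2 / 3 = 0, but 3 already collected
        vm.expectRevert(stdError.arithmeticError);  // underflow -> Panic(0x11)
        m.rewardsUnchecked(alice);
    }

    function testGuardedPathRevertsCleanly() public {
        m.setCount(alice, 9);
        assertEq(m.rewardsGuarded(alice), 3);
        m.setCount(alice, 2);
        vm.expectRevert(bytes("No new rewards to collect"));
        m.rewardsGuarded(alice);
        m.setCount(alice, 12);                      // 12 / 3 = 4 total, 3 paid -> 1 new
        assertEq(m.rewardsGuarded(alice), 1);
    }
}
```

Run with `forge test` in a project that has forge-std installed; the first test documents the revert the unguarded line produces, the second shows the guard turning it into a clear error while still paying out only newly earned rewards.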
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

underflow
