MartenitsaToken::updateCountMartenitsaTokensOwner does not check the actual balance of the owner address before updating the state.

Description: The updateCountMartenitsaTokensOwner function is supposed to keep track of the count of martenitsaTokens held by a specific address. However, any user can call this function, pass in their own address or another user's address, and update the stored count without holding (or having transferred) any tokens.
Impact: A user can artificially inflate their balance to infinity, and mint an indefinite amount of HealthToken by calling the MartenitsaMarketplace::collectReward function or they can reduce the number of tokens of other users to 0.
Proof of Concept: I updated the MartenitsaToken::testUpdateCount test inside MartenisaToken.t.sol. The test shows that bob can change chasy's balance however he wants.
Recommended mitigation: Implement a balance check inside the MartenitsaToken::updateCountMartenitsaTokensOwner function to validate that the owner indeed holds more or fewer tokens before updating the stored count. It is also worth considering adding access control so that only the trusted marketplace contract can call it.
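The following is an added illustration of the recommended mitigation, not code from the audited project: a reduced contract whose vulnerable function shape is shown in a comment next to a hardened version that restricts the caller and reconciles the stored count against the real ERC721 balance. The function signature, the "add"/"sub" operation strings, the countMartenitsaTokensOwner mapping and the marketplace address are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical reduced contract; names follow the finding, the signature
// and the operation strings are assumed rather than taken from the project.
contract MartenitsaTokenFixed is ERC721 {
    mapping(address => uint256) public countMartenitsaTokensOwner;
    address public immutable marketplace; // assumed: the only trusted caller

    error NotMarketplace();
    error UnknownOperation(string operation);
    error CountMismatch(address owner, uint256 stored, uint256 actual);

    constructor(address _marketplace) ERC721("MartenitsaToken", "MT") {
        marketplace = _marketplace;
    }

    // Vulnerable shape described in the finding: no caller restriction and
    // no check against the real balance, so any address can be set to any count.
    // function updateCountMartenitsaTokensOwner(address owner, string memory operation) external {
    //     if (keccak256(bytes(operation)) == keccak256("add")) countMartenitsaTokensOwner[owner] += 1;
    //     else countMartenitsaTokensOwner[owner] -= 1;
    // }

    // Hardened: (1) only the marketplace may call, (2) the stored count moves by
    // exactly one step and must land on the actual ERC721 balance of `owner`.
    function updateCountMartenitsaTokensOwner(address owner, string memory operation) external {
        if (msg.sender != marketplace) revert NotMarketplace();

        uint256 stored = countMartenitsaTokensOwner[owner];
        uint256 actual = balanceOf(owner); // ground truth from the ERC721 ledger
        bytes32 op = keccak256(bytes(operation));

        if (op == keccak256("add")) {
            // the token must already have been transferred to `owner`
            if (actual != stored + 1) revert CountMismatch(owner, stored, actual);
            countMartenitsaTokensOwner[owner] = stored + 1;
        } else if (op == keccak256("sub")) {
            // the token must already have left `owner`; never underflow to 0 from 0
            if (stored == 0 || actual != stored - 1) revert CountMismatch(owner, stored, actual);
            countMartenitsaTokensOwner[owner] = stored - 1;
        } else {
            revert UnknownOperation(operation);
        }
    }
}
```

With this check in place, the bob-changes-chasy's-balance scenario from the proof of concept reverts with NotMarketplace, and a marketplace call that does not match a real transfer reverts with CountMismatch.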
Tools used: Manual review