First Flight #13: Baba Marta

First Flight #13

Beginner FriendlyFoundryGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

`MartenitsaVoting::voteForMartenitsa` allows users' Martenitsa tokens to be voted upon

irondevx

Summary

Producers can transfer their Martenitsa tokens to users, which can still be voted upon during the voting event, which shouldn't be the case.

Vulnerability Details

MartenitsaVoting::voteForMartenitsa incorrectly enforces the rule that only tokens owned by producers can be voted upon. This restriction is intended to ensure that only MartenitsaTokens produced by active, verified producers are considered in voting to maintain quality and relevancy.

However, the current implementation does not effectively enforce this rule when tokens change hands from producers to non-producers, leading to a scenario where non-producers can vote on tokens that should no longer be eligible under the specified criteria.

Impact

This flaw allows non-producer-owned tokens (which have been transferred from producers) to still be voted upon, contrary to the intended functionality. This can undermine the integrity of the voting process, allowing less relevant tokens to influence the results.

Tools Used

Foundry, manual review

Proof of code

Code

Add the following code to the `MartenitsaVoting.t.sol` file:

function test__VoteForMartenitsa__NonProducersMartenitsa() public listMartenitsa {

// ********** Setup **********

uint256 tokenId = 0;

vm.startPrank(chasy);

martenitsaToken.approve(address(marketplace), tokenId);

marketplace.makePresent(bob, tokenId); // Chasy as the producer gifts listed token to Bob

vm.stopPrank();

// ********** Bob as the user votes for their own Martenitsa **********

vm.prank(bob);

voting.voteForMartenitsa(tokenId);

}

Recommendations

Implement an additional check in the MartenitsaVoting::voteForMartenitsa function to verify that the owner of the specified tokenId is a producer.

function voteForMartenitsa(uint256 tokenId) external {

+ require(_martenitsaToken.isProducer(_martenitsaToken.ownerOf(tokenId)), "You can only vote for producers' tokens");

// ...

}

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Unable to receive reward

Rewards breakdown

nSLOC

239

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.