Currently, ChoosingRam::increaseValuesOfParticipants does not check if the provided tokenIds are the same, allowing the caller (challenger) to effectively bypass the function's if (random == 0) check, and guaranteeing an increase in their NFT attributes.
ChoosingRam::increaseValuesOfParticipants does not check if the provided tokenIdOfChallenger and tokenIdOfAnyPerticipent tokenIds are the same.
The function's if (random == 0) is effectively bypassed, guaranteeing the challenger's NFT attributes are updated. This is unintended behavior.
Manual Review
Add a check to ensure that tokenIdOfChallenger and tokenIdOfAnyPerticipent are not the same.
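One way to express the recommended check, as an added sketch that is not the contest's ChoosingRam code. The contract name, the `level` mapping, `_advance`, the `SameTokenId` error, the randomness placeholder and the else-branch behaviour are assumptions made for illustration; only the function and parameter names come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified model, not the real ChoosingRam contract.
contract ChoosingRamGuardSketch {
    // Hypothetical custom error for the rejected input.
    error SameTokenId(uint256 tokenId);

    // Assumed stand-in for the NFT attribute state the real contract updates.
    mapping(uint256 => uint256) public level;

    function increaseValuesOfParticipants(
        uint256 tokenIdOfChallenger,
        uint256 tokenIdOfAnyPerticipent
    ) external {
        // Recommended check: if both ids are equal, every branch below
        // writes to the same token, so the value of `random` no longer
        // decides who is updated.
        if (tokenIdOfChallenger == tokenIdOfAnyPerticipent) {
            revert SameTokenId(tokenIdOfChallenger);
        }

        // Placeholder for the sketch only; how the real contract derives
        // `random` is not shown in the finding.
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, msg.sender))
        ) % 2;

        if (random == 0) {
            _advance(tokenIdOfChallenger);
        } else {
            // Assumed: the other outcome updates the other participant.
            _advance(tokenIdOfAnyPerticipent);
        }
    }

    // Hypothetical helper standing in for the attribute update.
    function _advance(uint256 tokenId) internal {
        level[tokenId] += 1;
    }
}
```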