Currently, ChoosingRam::increaseValuesOfParticipants
does not check if the provided tokenIdOfChallenger
and tokenIdOfAnyPerticipent
tokenIds are owned by the same wallet. This results in unintended behavior where the challenger is guaranteed to have one of their NFTs' attributes upgraded.
ChoosingRam::increaseValuesOfParticipants
does not check if the provided tokenIdOfChallenger
and tokenIdOfAnyPerticipent
tokenIds are owned by the same wallet.
Since both tokenIds can belong to the same user, it guarantees that only the caller (challenger) will have one of their NFT's attributes upgraded, which is unintended behavior.
Manual Review
Add a check to ensure that the owners of tokenIdOfChallenger
and tokenIdOfAnyPerticipent
are not the same.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.