c4-judge
commented
1 year ago gzeon-c4 marked the issue as duplicate of #194
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago gzeon-c4 marked the issue as duplicate of #194
c4-judge
commented
1 year ago gzeon-c4 marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2022-12-forgeries/blob/fc271cf20c05ce857d967728edfb368c58881d85/src/VRFNFTRandomDraw.sol#L163
Vulnerability details
Impact
The drawer can choose whichever gas lane(keyHash) they like. Giving this choice to the drawer may result in no winners if the network is congested and the drawer chooses a cheap gas lane.
Recommended Mitigation Steps
Check the options of keyHashes that can be used in the network where the contracts will be deployed and decide on a reasonable keyHash. Preset that keyHash in the factory contract instead of letting drawers choose the keyHash.