code-423n4 / 2022-12-forgeries-findings


Low value for minimumRequestConfirmations can cause issues in chains with frequent chain reorgs #281

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-forgeries/blob/fc271cf20c05ce857d967728edfb368c58881d85/src/VRFNFTRandomDraw.sol#L24

Vulnerability details

Impact

The minimumRequestConfirmations parameter is set to 3, which is the minimum value it can get, and this might be an issue on chains with a high number of chain reorgs. Check here for an example of reorg depths on the Polygon chain: https://polygonscan.com/blocks_forked

Recommended Mitigation Steps

Set minimumRequestConfirmations to a higher value depending on the chains you are planning to deploy to.

hansfriese commented 1 year ago

screenshot_68

c4-judge commented 1 year ago

gzeon-c4 changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

gzeon-c4 marked the issue as grade-c