Closed code423n4 closed 1 year ago
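Lines of code
https://github.com/wenwincom/wenwin-contracts/blob/main/src/Lottery.sol#L113
Vulnerability details
Impact
The contract is missing a check for msg.sender != frontend, so a user can buy a ticket and pass their own address in the frontend parameter, and get the reward as the frontend.
Proof of Concept
```solidity
// Foundry test fragment: USER buys tickets and names itself as the frontend.
vm.startPrank(USER);
rewardToken.mint(5 ether);
rewardToken.approve(address(lottery), 10 ether);
// Third argument is the frontend: USER passes its own address.
lottery.buyTickets(drawIds, tickets, USER, address(0));
console.log("before balance - ", rewardToken.balanceOf(USER));
// USER then claims the frontend reward for its own purchase.
lottery.claimRewards(LotteryRewardType.FRONTEND);
console.log("after balance - ", rewardToken.balanceOf(USER));
```
Tools Used
IDE
Recommended Mitigation Steps
I think the owner should have a function to add/delete frontends manually, or require(msg.sender != frontend) in the buyTickets function.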
thereksfour marked the issue as duplicate of #483
thereksfour changed the severity to QA (Quality Assurance)
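The two mitigations named in the report, side by side, as an added example that is not code from the Wenwin repository or from the report's author. The contract name, `setFrontend`, `isFrontend`, `frontendDueTickets`, the custom errors and the reduced two-argument `buyTickets` are assumptions made for illustration; payment and ticket minting are left out so that only the frontend accounting is shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Illustrative sketch only: every name here and the simplified buyTickets
/// signature are assumptions, not the Wenwin Lottery implementation.
contract FrontendAllowlistSketch {
    address public immutable owner;
    mapping(address => bool) public isFrontend;            // owner-approved frontends
    mapping(address => uint256) public frontendDueTickets; // tickets credited per frontend

    event FrontendSet(address indexed frontend, bool allowed);

    error NotOwner();
    error SelfFrontend();
    error UnknownFrontend(address frontend);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Mitigation 1: the owner adds or deletes frontends manually.
    function setFrontend(address frontend, bool allowed) external onlyOwner {
        isFrontend[frontend] = allowed;
        emit FrontendSet(frontend, allowed);
    }

    /// Ticket purchase reduced to the frontend accounting the report is about.
    function buyTickets(uint256 ticketCount, address frontend) external {
        // Mitigation 2: the buyer may not name itself as the frontend.
        if (msg.sender == frontend) revert SelfFrontend();
        // address(0) means "no frontend"; any other value must be approved.
        if (frontend != address(0)) {
            if (!isFrontend[frontend]) revert UnknownFrontend(frontend);
            frontendDueTickets[frontend] += ticketCount;
        }
    }
}
```

The `msg.sender` comparison only covers the calling address itself, so the owner-managed allowlist is the control that actually decides which addresses can accrue frontend rewards.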