Closed code423n4 closed 1 year ago
Lines of code
https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/Lottery.sol#L129
Vulnerability details
Impact
Missing validation of the frontend address in the buyTickets function allows the frontend address to be set to the zero address. This could lead to the loss of rewards, as there is no way to recover rewards credited to the zero address.
Proof of Concept
N/A
Tools Used
Manual Review
Recommended Mitigation Steps
Add a check to make sure the frontend address is valid, for example:
```solidity
function buyTickets(
    uint128[] calldata drawIds,
    uint120[] calldata tickets,
    address frontend,
    address referrer
) external override requireJackpotInitialized returns (uint256[] memory ticketIds) {
    if (drawIds.length != tickets.length) {
        revert DrawsAndTicketsLenMismatch(drawIds.length, tickets.length);
    }
    ticketIds = new uint256[](tickets.length);
    for (uint256 i = 0; i < drawIds.length; ++i) {
        ticketIds[i] = registerTicket(drawIds[i], tickets[i], frontend, referrer);
    }
    referralRegisterTickets(currentDraw, referrer, msg.sender, tickets.length);
    // Proposed check: reject the zero address before crediting frontend ticket sales
    require(frontend != address(0), "Frontend address cannot be 0");
    frontendDueTicketSales[frontend] += tickets.length;
    rewardToken.safeTransferFrom(msg.sender, address(this), ticketPrice * tickets.length);
}
```
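A minimal constructed model of the accounting issue, added here as an illustration and not taken from the Wenwin repository: it keeps only the frontendDueTicketSales counter, replaces the ERC20 reward token with plain ether, and assumes a hypothetical claim function paid to msg.sender and an assumed per-ticket fee, to show why sales credited to address(0) can never be claimed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Constructed model of the frontend fee accounting described in the report.
/// Not Wenwin's Lottery.sol: ticket registration, referrals and the reward
/// token are left out; fees are paid in ether for simplicity.
contract FrontendFeeModel {
    uint256 public constant ticketPrice = 1 ether;
    uint256 public constant frontendFeePerTicket = 0.05 ether; // assumed split

    /// Tickets sold per frontend whose fee share has not been claimed yet.
    mapping(address => uint256) public frontendDueTicketSales;

    /// Weak variant: `frontend` is never validated, so address(0) is credited
    /// like any other frontend and the fee share for those tickets is lost.
    function buyTicketsUnchecked(uint256 ticketCount, address frontend) external payable {
        require(msg.value == ticketPrice * ticketCount, "wrong payment");
        frontendDueTicketSales[frontend] += ticketCount;
    }

    /// Hardened variant: the check the report recommends, placed before any
    /// state is written so the transaction fails before touching storage.
    function buyTickets(uint256 ticketCount, address frontend) external payable {
        require(frontend != address(0), "Frontend address cannot be 0");
        require(msg.value == ticketPrice * ticketCount, "wrong payment");
        frontendDueTicketSales[frontend] += ticketCount;
    }

    /// Hypothetical claim path: fees go to msg.sender only. No transaction can
    /// originate from address(0), so a balance credited there is unrecoverable.
    function claimFrontendFees() external returns (uint256 amount) {
        amount = frontendDueTicketSales[msg.sender] * frontendFeePerTicket;
        frontendDueTicketSales[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    /// Reviewer helper: fee share currently stranded under the zero address.
    function strandedFees() external view returns (uint256) {
        return frontendDueTicketSales[address(0)] * frontendFeePerTicket;
    }
}
```

After a call to buyTicketsUnchecked with frontend set to address(0), strandedFees() reports a non-zero amount that no caller of claimFrontendFees() can ever withdraw, which is the loss the report describes.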
thereksfour changed the severity to QA (Quality Assurance)
thereksfour marked the issue as grade-c