Closed code423n4 closed 1 year ago
```solidity
// Upper bound on the number of tickets accepted in a single call.
uint256 public constant MAX_TICKETS_PER_TX = 1000;

function buyTickets(
    uint128[] calldata drawIds,
    uint120[] calldata tickets,
    address frontend,
    address referrer
)
    external
    override
    requireJackpotInitialized
    returns (uint256[] memory ticketIds)
{
    // Verify that the number of tickets does not exceed the maximum limit
    require(tickets.length <= MAX_TICKETS_PER_TX, "Too many tickets");

    if (drawIds.length != tickets.length) {
        revert DrawsAndTicketsLenMismatch(drawIds.length, tickets.length);
    }
    ticketIds = new uint256[](tickets.length);
    for (uint256 i = 0; i < drawIds.length; ++i) {
        ticketIds[i] = registerTicket(drawIds[i], tickets[i], frontend, referrer);
    }
    referralRegisterTickets(currentDraw, referrer, msg.sender, tickets.length);
    frontendDueTicketSales[frontend] += tickets.length;
    rewardToken.safeTransferFrom(msg.sender, address(this), ticketPrice * tickets.length);
}
```
thereksfour marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/Lottery.sol#L110-L131
Vulnerability details
Impact
Add a protection to prevent someone from buying an infinite number of tickets in the "buyTickets" function.
Proof of Concept
https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/Lottery.sol#L110-L131
Tools Used
Manual
Recommended Mitigation Steps
Lines