code-423n4 / 2023-03-wenwin-findings


The buyTickets() function lacks a check for the length of the drawIds and tickets array #364

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/Lottery.sol#L110

Vulnerability details

An attacker could exploit this vulnerability by providing an incorrect drawIds or tickets array, which could lead to them purchasing more tickets than intended or at a discounted rate.

For example, if the drawIds array is longer than the tickets array, the function will assume that the remaining tickets are meant to be purchased at the same price as the last ticket in the tickets array. An attacker could take advantage of this by providing a drawIds array that is longer than the tickets array, resulting in them purchasing more tickets at a discounted rate.

Similarly, if the tickets array is longer than the drawIds array, the function will assume that the remaining tickets are meant to be purchased for the last draw in the drawIds array. An attacker could take advantage of this by providing a tickets array that is longer than the drawIds array, resulting in them purchasing more tickets than intended.

To prevent this vulnerability from being exploited, it is recommended to add a check to ensure that the length of both arrays is the same. This will ensure that the function operates correctly and prevent any potential loss of funds for the contract and its users.

manual

c4-judge commented 1 year ago

thereksfour marked the issue as unsatisfactory: Invalid