code-423n4 / 2023-03-wenwin-findings


`getMinimumEligibleReferralsFactorCalculation` not working at edge cases as per given ranges #390

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-03-wenwin/blob/main/src/ReferralSystem.sol#L111-L130

Vulnerability details

Impact

getMinimumEligibleReferralsFactorCalculation not working at edge cases as per ranges given in documentation.

Proof of Concept

https://github.com/code-423n4/2023-03-wenwin/blob/main/src/ReferralSystem.sol#L111-L130

```solidity
function getMinimumEligibleReferralsFactorCalculation(uint256 totalTicketsSoldPrevDraw)
    internal
    view
    virtual
    returns (uint256 minimumEligible)
{
    if (totalTicketsSoldPrevDraw < 10_000) { //@audit-issue should be <= as per doc
        // 1%
        return totalTicketsSoldPrevDraw.getPercentage(PercentageMath.ONE_PERCENT);
    }
    if (totalTicketsSoldPrevDraw < 100_000) { //@audit-issue should be <= as per doc
        // 0.75%
        return totalTicketsSoldPrevDraw.getPercentage(PercentageMath.ONE_PERCENT * 75 / 100);
    }
    if (totalTicketsSoldPrevDraw < 1_000_000) { //@audit-issue should be <= as per doc
        // 0.5%
        return totalTicketsSoldPrevDraw.getPercentage(PercentageMath.ONE_PERCENT * 50 / 100);
    }
    return 5000;
}
```

Documentation reference: https://docs.wenwin.com/wenwin-lottery/protocol-architecture/token/rewards/referrals

As per the column for Previous Draw's Total Tickets Sold (t) in the doc, the last value in each range has <=, but in code it is using strictly less than, which could affect the minimum eligible referrals factor calculation at the last boundary of each range.

Tools Used

Manual Review

Recommended Mitigation Steps

```solidity
function getMinimumEligibleReferralsFactorCalculation(uint256 totalTicketsSoldPrevDraw)
    internal
    view
    virtual
    returns (uint256 minimumEligible)
{
    if (totalTicketsSoldPrevDraw <= 10_000) { //@audit-fix
        // 1%
        return totalTicketsSoldPrevDraw.getPercentage(PercentageMath.ONE_PERCENT);
    }
    if (totalTicketsSoldPrevDraw <= 100_000) { //@audit-fix
        // 0.75%
        return totalTicketsSoldPrevDraw.getPercentage(PercentageMath.ONE_PERCENT * 75 / 100);
    }
    if (totalTicketsSoldPrevDraw <= 1_000_000) { //@audit-fix
        // 0.5%
        return totalTicketsSoldPrevDraw.getPercentage(PercentageMath.ONE_PERCENT * 50 / 100);
    }
    return 5000;
}
```

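The tier function above, modelled in Python as an added example (not code from the finding or from the Wenwin repository) so the strict and inclusive variants can be probed at and around each threshold. It assumes Wenwin's `PercentageMath` uses `PERCENTAGE_BASE = 100_000` and `ONE_PERCENT = 1_000` with integer division; it goes a step beyond the finding by also probing the neighbours of each boundary, which shows that only the 10,000 and 100,000 boundaries actually change the result.

```python
# Assumed constants modelled on Wenwin's PercentageMath (PERCENTAGE_BASE, ONE_PERCENT).
PERCENTAGE_BASE = 100_000
ONE_PERCENT = 1_000

THRESHOLDS = (10_000, 100_000, 1_000_000)


def get_percentage(number: int, percentage: int) -> int:
    """Solidity-style integer percentage: number * percentage / PERCENTAGE_BASE."""
    return number * percentage // PERCENTAGE_BASE


def min_eligible(tickets_sold_prev_draw: int, inclusive: bool) -> int:
    """Port of getMinimumEligibleReferralsFactorCalculation.

    inclusive=False reproduces the deployed '<' comparisons,
    inclusive=True the '<=' comparisons the documentation describes.
    """
    in_tier = (lambda t, limit: t <= limit) if inclusive else (lambda t, limit: t < limit)
    if in_tier(tickets_sold_prev_draw, 10_000):
        return get_percentage(tickets_sold_prev_draw, ONE_PERCENT)            # 1%
    if in_tier(tickets_sold_prev_draw, 100_000):
        return get_percentage(tickets_sold_prev_draw, ONE_PERCENT * 75 // 100)  # 0.75%
    if in_tier(tickets_sold_prev_draw, 1_000_000):
        return get_percentage(tickets_sold_prev_draw, ONE_PERCENT * 50 // 100)  # 0.5%
    return 5000


def boundary_diff(thresholds=THRESHOLDS) -> dict:
    """Probe each threshold and its neighbours; return {t: (strict, inclusive)}
    only for inputs where the two variants disagree."""
    diffs = {}
    for limit in thresholds:
        for probe in (limit - 1, limit, limit + 1):
            strict = min_eligible(probe, inclusive=False)
            incl = min_eligible(probe, inclusive=True)
            if strict != incl:
                diffs[probe] = (strict, incl)
    return diffs


if __name__ == "__main__":
    for t, (strict, incl) in sorted(boundary_diff().items()):
        print(f"t={t}: code returns {strict}, documentation implies {incl}")
```

At t = 1,000,000 both variants return 5000 (0.5% of 1,000,000 equals the flat fallback), so the divergence is limited to the two lower boundaries.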
c4-judge commented 1 year ago

thereksfour marked the issue as primary issue

c4-sponsor commented 1 year ago

TutaRicky marked the issue as disagree with severity

TutaRicky commented 1 year ago

This is not for (2 Med Risk)

c4-judge commented 1 year ago

thereksfour changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

thereksfour marked the issue as grade-c