Closed code423n4 closed 1 year ago
thereksfour marked the issue as unsatisfactory: Invalid
It may be intentional. Referrer can be rewarded for the epoch in which the referred person buys the lottery ticket. Consider QA. Open it for sponsors.
thereksfour marked the issue as nullified
thereksfour marked the issue as not nullified
thereksfour marked the issue as primary issue
TutaRicky marked the issue as sponsor disputed
The issue is that the referral registration happens for the current draw regardless of which draw the tickets are purchased for...
This is by design decision.
thereksfour marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/Lottery.sol#L125-L128
Vulnerability details
When accounting for referrals, the beforeTicketRegistrationDeadline ensures tickets cannot be purchased after the draw registration deadline.
The issue is that the referral registration happens for the current draw regardless of which draw the tickets are purchased for.
This will increase the number of unclaimed tickets of the referrer for the current draw, even though the deadline has passed. This is the amount used when computing their claim in claimPerDraw.
Impact
Referrers are able to bypass the registration deadline, effectively stealing a share of the current draw rewards.
Tools Used
Manual analysis
Recommended Mitigation Steps
The referral registration upon buyTicket should account for the draw the tickets are bought for.