Closed code423n4 closed 1 year ago
thereksfour marked the issue as unsatisfactory: Overinflated severity
thereksfour marked the issue as satisfactory
thereksfour marked the issue as duplicate of #316
thereksfour marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-03-wenwin/blob/main/src/Lottery.sol#L175
https://github.com/code-423n4/2023-03-wenwin/blob/main/src/LotterySetup.sol#L80
https://github.com/code-423n4/2023-03-wenwin/blob/main/src/LotterySetup.sol#L161
https://github.com/code-423n4/2023-03-wenwin/blob/main/src/Lottery.sol#L151
Vulnerability details
Impact
Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards
Proof of Concept
When distributing the winning tokens, it is possible that there is an insufficient balance to be able to pay winning tickets while Frontend and Staking rewards are still claimable.
The call to rewardToken.safeTransfer can revert due to insufficient balance. This is possible because prizes have a fixed minimum, which can leave the contract with less balance than is needed to cover the winnings.
Furthermore, Frontend and Staking rewards can be claimed at any time further depleting the available balance to cover winnings.
The following test demonstrates a contrived example of the lottery going into debt while still paying out rewards -
https://gist.github.com/alpeware/9dc133b0282cfa662cc0bb13de6dfbfc#file-referralsystembase-sol-L266
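To make the accounting concrete, below is an added Python model of the failure mode described above, alongside a variant that reserves prize liabilities before releasing rewards. It is not the Wenwin contracts or the gist's Foundry test: the ticket price, the 10%/20% frontend and staking shares, and the fixed minimum prize are made-up numbers, and InsufficientBalance stands in for the safeTransfer revert.

```python
"""Constructed accounting model of a lottery whose winners, frontend operators
and stakers are all paid from one reward-token balance.  Added illustration,
not the Wenwin project's code; every number below is made up."""

from dataclasses import dataclass


class InsufficientBalance(Exception):
    """Stands in for the revert of rewardToken.safeTransfer."""


@dataclass
class NaivePool:
    """Rewards are claimable at any time and prizes are never reserved."""

    balance: int = 0          # reward tokens actually held by the contract
    min_prize: int = 100      # fixed minimum paid per winning ticket (assumed)
    frontend_bps: int = 1000  # 10% of each ticket earmarked for frontends (assumed)
    staking_bps: int = 2000   # 20% of each ticket earmarked for stakers (assumed)
    frontend_owed: int = 0
    staking_owed: int = 0
    winners_owed: int = 0

    def sell_ticket(self, price: int) -> None:
        self.balance += price
        self.frontend_owed += price * self.frontend_bps // 10_000
        self.staking_owed += price * self.staking_bps // 10_000

    def draw(self, winning_tickets: int) -> None:
        # Every winning ticket is promised at least min_prize, whatever was sold.
        self.winners_owed += winning_tickets * self.min_prize

    def _transfer(self, amount: int) -> None:
        if amount > self.balance:
            raise InsufficientBalance(f"need {amount}, hold {self.balance}")
        self.balance -= amount

    def claim_frontend(self) -> int:
        paid = self.frontend_owed
        self._transfer(paid)      # reverts before any bookkeeping changes
        self.frontend_owed = 0
        return paid

    def claim_staking(self) -> int:
        paid = self.staking_owed
        self._transfer(paid)
        self.staking_owed = 0
        return paid

    def claim_winnings(self) -> int:
        paid = self.winners_owed
        self._transfer(paid)      # this is the call that fails once drained
        self.winners_owed = 0
        return paid


@dataclass
class SolventPool(NaivePool):
    """Prize liabilities are reserved first; rewards only come from the surplus."""

    def deficit(self) -> int:
        return max(self.winners_owed - self.balance, 0)

    def _surplus(self) -> int:
        return max(self.balance - self.winners_owed, 0)

    def _claim_reward(self, owed: int) -> tuple:
        paid = min(owed, self._surplus())   # never dip into reserved prizes
        self._transfer(paid)
        return paid, owed - paid            # unpaid remainder stays booked

    def claim_frontend(self) -> int:
        paid, self.frontend_owed = self._claim_reward(self.frontend_owed)
        return paid

    def claim_staking(self) -> int:
        paid, self.staking_owed = self._claim_reward(self.staking_owed)
        return paid

    def claim_winnings(self) -> int:
        # Pay what is held now; the shortfall remains a deficit that later
        # ticket sales settle before any reward is released.
        paid = min(self.winners_owed, self.balance)
        self._transfer(paid)
        self.winners_owed -= paid
        return paid


def scenario(pool: NaivePool) -> dict:
    """Three cheap tickets, one winner, rewards claimed before the winner."""
    for _ in range(3):
        pool.sell_ticket(10)
    pool.draw(1)
    out = {"frontend": pool.claim_frontend(), "staking": pool.claim_staking()}
    try:
        out["winner"] = pool.claim_winnings()
    except InsufficientBalance:
        out["winner"] = None          # the winning ticket is unclaimable
    return out


def run_naive() -> dict:
    return scenario(NaivePool())


def run_solvent() -> dict:
    pool = SolventPool()
    out = scenario(pool)
    out["deficit"] = pool.deficit()
    for _ in range(10):               # later sales repay the booked shortfall
        pool.sell_ticket(10)
    out["winner_later"] = pool.claim_winnings()
    out["frontend_later"] = pool.claim_frontend()
    return out


if __name__ == "__main__":
    print("naive  :", run_naive())
    print("solvent:", run_solvent())
```

In the naive model the frontend and staking claims succeed (3 and 6 tokens) and the winner's claim then reverts with 21 tokens left against a 100-token prize. In the solvent model the reward claims return 0 while a deficit is outstanding, the winner receives the 30 tokens on hand immediately and the remaining 70 once later sales cover it, and only then are the accumulated frontend rewards released.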
Tools Used
Foundry
Recommended Mitigation Steps
The case of insolvency should be handled specifically, with debt payments made accordingly.
A few ideas -