Lines of code
https://github.com/code-423n4/2023-03-wenwin/blob/main/src/Lottery.sol#L111
Vulnerability details
Impact
If the draw id is very large, users may not have a chance to win.
Proof of Concept
By calling the function `buyTickets()`, users purchase tickets for a draw. Draws are conducted weekly, every Wednesday. The user can arbitrarily specify the draw id in the parameter. Every Wednesday the protocol calculates the winning ticket according to the current draw. If the draw id is very large, users may not have a chance to win.
Tools Used
VS Code
Recommended Mitigation Steps
Limit the range of the draw id.
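
One way to apply this limit, shown as an added example that is not Wenwin's `Lottery.sol`: the contract below rejects a draw id that is already closed or more than a fixed number of weekly draws ahead. The contract name, `MAX_DRAWS_AHEAD`, `DRAW_PERIOD`, the error names and the simplified `buyTickets(drawId, count)` signature are all hypothetical, and payment handling is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Added illustration only; every name here is hypothetical.
contract BoundedDrawTickets {
    // The report states draws are weekly.
    uint256 public constant DRAW_PERIOD = 7 days;
    // Assumption: tickets may target at most 52 draws (about one year) ahead.
    uint128 public constant MAX_DRAWS_AHEAD = 52;

    // Timestamp at which draw 0 is executed.
    uint256 public immutable firstDrawAt;
    // drawId => buyer => number of tickets (simplified bookkeeping).
    mapping(uint128 => mapping(address => uint256)) public ticketsOf;

    error DrawAlreadyClosed(uint128 drawId, uint128 currentDraw);
    error DrawTooFarInFuture(uint128 drawId, uint128 maxDrawId);

    constructor(uint256 firstDrawAt_) {
        firstDrawAt = firstDrawAt_;
    }

    /// Id of the draw that is currently open for ticket sales.
    function currentDraw() public view returns (uint128) {
        if (block.timestamp < firstDrawAt) return 0;
        return uint128((block.timestamp - firstDrawAt) / DRAW_PERIOD) + 1;
    }

    /// Registers `count` tickets for `drawId` if the id is inside the window
    /// [currentDraw, currentDraw + MAX_DRAWS_AHEAD].
    function buyTickets(uint128 drawId, uint256 count) external {
        uint128 current = currentDraw();
        uint128 maxDrawId = current + MAX_DRAWS_AHEAD;

        // A past draw has already been executed and can never pay out.
        if (drawId < current) revert DrawAlreadyClosed(drawId, current);
        // A draw far in the future would not be executed for years:
        // at one draw per week, id current + 10_000 is roughly 191 years away.
        if (drawId > maxDrawId) revert DrawTooFarInFuture(drawId, maxDrawId);

        ticketsOf[drawId][msg.sender] += count;
    }
}
```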