code-423n4 / 2023-03-wenwin-findings


Do not re-request randomness #466

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/RNSourceController.sol#L60-L75

Vulnerability details

Impact

The VRF service provider can influence the winning ticket.

Proof of Concept

RNSourceController.retry allows anyone to re-request the winning ticket if the VRF service provider fails to fulfill the request within a certain time frame. Any re-request of randomness is an incorrect use of VRFv2. Allowing for this gives the VRF service provider the option to withhold a VRF fulfillment if the outcome is not favorable to them and wait for the re-request in the hopes that they get a better outcome.

Tools Used

Code inspection

Recommended Mitigation Steps

Do not re-request randomness. The unlikely event that the randomness is not fulfilled can be handled in other ways, such as cancelling the draw and offering ticket holders a refund.
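As an added illustration (example code, not the project's contracts and not part of the warden's submission), a minimal Solidity draw that follows the recommended mitigation: each draw makes exactly one randomness request, there is no retry path, and if the provider never fulfills within a deadline the draw is cancelled and ticket holders claim a refund. The `IRandomSource` interface, the `FULFILLMENT_DEADLINE` value and every contract, function and variable name here are assumptions standing in for the real VRF integration, not names from the audited code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical randomness source (stand-in for a VRF coordinator); not a real API.
interface IRandomSource {
    function requestRandomNumber() external returns (uint256 requestId);
}

/// Illustrative draw: one randomness request per draw, never re-requested.
contract SingleRequestDraw {
    enum DrawState { Open, AwaitingRandomness, Finalized, Cancelled }

    struct Draw {
        DrawState state;
        uint256 requestId;
        uint256 requestedAt;
        uint256 winningNumber;
    }

    IRandomSource public immutable source;
    uint256 public constant FULFILLMENT_DEADLINE = 1 days; // assumed value
    uint256 public currentDraw;
    mapping(uint256 => Draw) public draws;
    mapping(uint256 => uint256) public drawOfRequest;                  // requestId => drawId
    mapping(uint256 => mapping(address => uint256)) public ticketPayments; // drawId => buyer => wei

    constructor(IRandomSource _source) {
        source = _source;
    }

    function buyTicket() external payable {
        require(draws[currentDraw].state == DrawState.Open, "draw not open");
        ticketPayments[currentDraw][msg.sender] += msg.value;
    }

    /// Requests randomness once. The state machine never returns to Open
    /// while awaiting fulfillment, so a second request for the same draw is impossible.
    function requestWinningNumber() external {
        Draw storage d = draws[currentDraw];
        require(d.state == DrawState.Open, "draw not open");
        d.state = DrawState.AwaitingRandomness;
        d.requestId = source.requestRandomNumber();
        d.requestedAt = block.timestamp;
        drawOfRequest[d.requestId] = currentDraw;
    }

    /// Callback from the source. A late fulfillment for a cancelled draw is rejected
    /// because that draw is no longer in the AwaitingRandomness state.
    function fulfillRandomness(uint256 requestId, uint256 randomness) external {
        require(msg.sender == address(source), "only source");
        Draw storage d = draws[drawOfRequest[requestId]];
        require(d.state == DrawState.AwaitingRandomness, "not awaiting");
        require(d.requestId == requestId, "unknown request");
        d.winningNumber = randomness;
        d.state = DrawState.Finalized;
        currentDraw++;
    }

    /// If the provider withholds fulfillment past the deadline, cancel the draw
    /// instead of re-requesting; the provider gets no second roll of the dice.
    function cancelUnfulfilledDraw() external {
        Draw storage d = draws[currentDraw];
        require(d.state == DrawState.AwaitingRandomness, "not awaiting");
        require(block.timestamp > d.requestedAt + FULFILLMENT_DEADLINE, "deadline not passed");
        d.state = DrawState.Cancelled;
        currentDraw++;
    }

    /// Ticket holders of a cancelled draw recover what they paid.
    function claimRefund(uint256 drawId) external {
        require(draws[drawId].state == DrawState.Cancelled, "draw not cancelled");
        uint256 amount = ticketPayments[drawId][msg.sender];
        require(amount > 0, "nothing to refund");
        ticketPayments[drawId][msg.sender] = 0; // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "refund failed");
    }
}
```

The point to check when reviewing a VRF consumer is that no code path can issue a second request for the same outcome: here the only transition out of `AwaitingRandomness` is either the provider's single fulfillment or a cancellation that voids the draw, so withholding a fulfillment gains the provider nothing.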

c4-judge commented 1 year ago

thereksfour marked the issue as unsatisfactory: Overinflated severity

c4-judge commented 1 year ago

thereksfour marked the issue as duplicate of #445

c4-judge commented 1 year ago

thereksfour marked the issue as satisfactory

c4-judge commented 1 year ago

thereksfour changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

thereksfour marked the issue as grade-c