Lines of code
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/libraries/TierCalculationLib.sol#L17-L27
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/libraries/TierCalculationLib.sol#L26
Vulnerability details
Impact
Risk Breakdown: The incorrect calculation of tier odds can have several implications:
The incorrect odds can lead to imbalances in the prize distribution among different tiers. Some tiers may receive more or fewer prizes than intended, impacting the fairness of the system.
Inaccurate prize distributions can erode user trust in the platform. Users may perceive the system as unfair or unreliable, leading to a negative impact on the platform's reputation.
If the incorrect odds result in significant imbalances in prize distributions, participants may experience financial losses if they expected a different probability of winning.
Proof of Concept
TierCalculationLib.sol#L17-L27
The getTierOdds function calculates the odds of a tier occurring for a single draw. However, there is a bug in the calculation of the exponentiation. The line
E.pow(_k.mul(sd(int8(_tier) - (int8(_numberOfTiers) - 1))));
should be
E.pow(_k.mul(sd(int8(_tier) - int8(_numberOfTiers) + 1)));
The incorrect calculation could lead to incorrect odds for each tier, resulting in inaccurate prize distributions.
To prove the bug, we can use a simple example. Let's assume _tier = 2, _numberOfTiers = 3, and _grandPrizePeriod = 10. We can calculate the expected odds manually:
By fixing the calculation, we should get the expected odds. Let's demonstrate this:
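A way to check the two exponent forms against each other for the sample values above, as an added example that is not part of the original report or of the pt-v5-prize-pool code base: the function below mirrors the structure of getTierOdds in plain floating point (the Solidity version uses SD59x18 fixed-point arithmetic), with the constant `_k` assumed to be `ln(1 / _grandPrizePeriod) / (1 - _numberOfTiers)`, which is not shown on this page; `tier_odds` and `compare_forms` are names chosen here.

```python
import math


def tier_odds(tier: int, number_of_tiers: int, grand_prize_period: int,
              proposed: bool = False) -> float:
    """Odds of `tier` being awarded in a single draw.

    Assumption (not shown on the page): k = ln(1 / grand_prize_period) / (1 - number_of_tiers),
    so tier 0 (the grand prize) lands at 1 / grand_prize_period and the highest tier at 1.
    `proposed=False` builds the exponent with the report's original expression,
    `proposed=True` with the replacement the report suggests.
    """
    if number_of_tiers < 2:
        raise ValueError("need at least two tiers")
    if not 0 <= tier < number_of_tiers:
        raise ValueError("tier out of range")
    k = math.log(1 / grand_prize_period) / (1 - number_of_tiers)
    if proposed:
        exponent = tier - number_of_tiers + 1        # _tier - _numberOfTiers + 1
    else:
        exponent = tier - (number_of_tiers - 1)      # _tier - (_numberOfTiers - 1)
    return math.exp(k * exponent)


def compare_forms(number_of_tiers: int, grand_prize_period: int):
    """Evaluate both exponent forms for every tier.

    Returns ([(tier, original_odds, proposed_odds), ...], all_pairs_equal).
    """
    rows = []
    for t in range(number_of_tiers):
        original = tier_odds(t, number_of_tiers, grand_prize_period, proposed=False)
        replacement = tier_odds(t, number_of_tiers, grand_prize_period, proposed=True)
        rows.append((t, original, replacement))
    all_equal = all(math.isclose(a, b) for _, a, b in rows)
    return rows, all_equal


if __name__ == "__main__":
    # The report's sample values: _tier = 2, _numberOfTiers = 3, _grandPrizePeriod = 10.
    for tier, original, replacement in compare_forms(3, 10)[0]:
        print(f"tier {tier}: original={original:.6f} proposed={replacement:.6f}")
```

Running it shows tier 0 at 0.1 (1/_grandPrizePeriod), tier 1 at sqrt(0.1) and tier 2 at 1.0, and the same numbers from both exponent forms, because `t - (n - 1)` and `t - n + 1` are the same integer for every `t` and `n`; a reviewer reproducing the finding should therefore expect the two Solidity lines to return identical odds under the fixed-point arithmetic as well.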
Implementation of the proof:
References:
Tools Used
None
Recommended Mitigation
See the PoC, please.
Assessed type
Math