setDrawManager lets an attacker front-run the transaction, which can lock the drawManager role.
Lines of code
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L299
Vulnerability details
Impact
setDrawManager lets an attacker front-run the transaction, which can lock the drawManager role. The user will then have to do a costly redeployment, which is again prone to the front-run attack if they don't specify the drawManager role in the constructor, and this leads to DoS.
Scenarios:
- If drawManager has not been set in the constructor [DoS]: for every deployment, an attacker can front-run setDrawManager. This will lock the drawManager role and so the prizePool.
- The constructor has no address check, so an invalid address will cost a redeployment.
Proof of Concept
See Impact.
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L258C2-L283C1
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L299C1-L307C1
Tools Used
Manual
Recommended Mitigation Steps
Set the drawManager role to the deployer (msg.sender) in the constructor, and then add an option to change it through setDrawManager, where the deployer can set drawManager to any address.
Assessed type
Access Control
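The pattern described under Impact beside the mitigation recommended above, as an added Solidity example that is not code from the PrizePool repository. Contract, error and event names are hypothetical; the set-once check in the first contract is an assumption inferred from the report's statement that the role becomes locked, and the zero-address check in the second goes beyond what the report recommends.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration with hypothetical names; not the PrizePool source.

/// Pattern the report describes: a set-once role with no caller restriction.
contract UnrestrictedSetter {
    address public drawManager;

    error DrawManagerAlreadySet();

    constructor(address _drawManager) {
        // No address check: passing address(0) leaves the role unassigned.
        drawManager = _drawManager;
    }

    function setDrawManager(address _drawManager) external {
        // Assumed set-once guard: whoever calls first fixes the role for good,
        // and nothing ties that first caller to the deployer.
        if (drawManager != address(0)) revert DrawManagerAlreadySet();
        drawManager = _drawManager;
    }
}

/// Mitigation the report recommends: the deployer holds the role from
/// construction and is the only account allowed to reassign it.
contract DeployerGatedSetter {
    address public immutable deployer;
    address public drawManager;

    error NotDeployer();
    error InvalidDrawManager();

    event DrawManagerSet(address indexed drawManager);

    constructor() {
        deployer = msg.sender;
        drawManager = msg.sender; // the role is never left unassigned
        emit DrawManagerSet(msg.sender);
    }

    function setDrawManager(address _drawManager) external {
        if (msg.sender != deployer) revert NotDeployer();
        // Added check (not in the report): reject the zero address.
        if (_drawManager == address(0)) revert InvalidDrawManager();
        drawManager = _drawManager;
        emit DrawManagerSet(_drawManager);
    }
}
```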