There is no validation of the length of winners and prizeIndices array in the claimPrizes function.
If the length of the winners is lower than the prizeIndices, the rest of the prizeIndices will be skipped, so it's needed to check if it's the same length.
Lines of code
https://github.com/GenerationSoftware/pt-v5-claimer/blob/57a381aef690a27c9198f4340747155a71cae753/src/Claimer.sol#L60-L83
Vulnerability details
Impact
There is no validation of the length of
winners
andprizeIndices
array in theclaimPrizes
function. If the length of thewinners
is lower than the prizeIndices, the rest of the prizeIndices will be skipped, so it's needed to check if it's the same length.Proof of Concept
Tools Used
Manual review
Recommended Mitigation Steps
Recommended adding the validation step to verify it has the same length.
Assessed type
Invalid Validation