The "prizes claiming" transaction can be under a denial-of-service (DoS) attack.
Proof of Concept
The Vault._claimPrize() implements hook triggers (beforeClaimPrize and afterClaimPrize) and calls them if a winner enables one of them.
In this way, an attacker can register hook functions that can make a denial-of-service (DoS) attack on the "prizes claiming" transaction by reverting the transaction, creating a returnbomb attack, or spending all available gas.
Since one "prizes claiming" transaction can contain a batch of multiple winners, other legit winners will not be able to receive their prizes.
Of course, the likelihood of this issue might be considered "LOW" (since the attacker must be one of the winners), but the impact of this issue is considered "HIGH".
Tools Used
Manual Review
Recommended Mitigation Steps
I recommend applying the excessivelySafeCall() to avoid the DoS attack via the beforeClaimPrize and afterClaimPrize hook functions.
Lines of code
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1053 https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1068
Vulnerability details
The "prizes claiming" transaction can be under a denial-of-service (DoS) attack.
Proof of Concept
The
Vault._claimPrize()
implements hook triggers (beforeClaimPrize and afterClaimPrize) and calls them if a winner enables one of them.In this way, an attacker can register hook functions that can make a denial-of-service (DoS) attack on the "prizes claiming" transaction by reverting the transaction, creating a returnbomb attack, or spending all available gas.
beforeClaimPrize hook: https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1053
afterClaimPrize hook: https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1068
Impact
Since one "prizes claiming" transaction can contain a batch of multiple winners, other legit winners will not be able to receive their prizes.
Of course, the likelihood of this issue might be considered "LOW" (since the attacker must be one of the winners), but the impact of this issue is considered "HIGH".
Tools Used
Manual Review
Recommended Mitigation Steps
I recommend applying the excessivelySafeCall() to avoid the DoS attack via the
beforeClaimPrize
andafterClaimPrize
hook functions.Assessed type
DoS