Lines of code
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/main/src/PrizePool.sol#L348
Vulnerability details
The winning random number is chosen by the DrawManager, which leads to centralization risk. Although I haven't really done a deep dive into the codebase for this issue, if the DrawManager can somehow calculate which random number makes an address it controls the winner of the biggest prize, it will be catastrophic.
Impact
Centralization issue.
Tools Used
Manual review.
Recommended Mitigation Steps
Use Chainlink VRF to generate a fair random number for the draw.
Assessed type
Other