Possible centralization issue in PrizePool.closeDraw

[code423n4]

Lines of code

https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/main/src/PrizePool.sol#L348

Vulnerability details

The winning random number is chosen by DrawManager, which will lead to centralization risk. Despite havent`t really deep dive in codebase of this issue, but if DrawManager ,can somehow calculate which random number can make their controlled address is winner with bigest prize, it will be catastrophic

Impact

Centralization issue.

Tools Used

Manual review.

Recommended Mitigation Steps

Using ChainlinkVRF to generate fair random number for draw.

Assessed type

Other

[c4-judge]

Picodes marked the issue as unsatisfactory: Invalid