Closed code423n4 closed 11 months ago
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L237
the variable _winningRandomNumber used in isWinner() to calc if caller has won the tier can be read, and the calculation can be predicted.
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L237C41-L237C41
that a variable is marked internal doesnt mean it cannot be read
vs code
find better ways to do the determination of the winner
Other
The variable can be read but is only disclosed after the winner has been fixed. How can this be used in an attack?
Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L237
Vulnerability details
Impact
the variable _winningRandomNumber used in isWinner() to calc if caller has won the tier can be read, and the calculation can be predicted.
Proof of Concept
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L237C41-L237C41
that a variable is marked internal doesnt mean it cannot be read
Tools Used
vs code
Recommended Mitigation Steps
find better ways to do the determination of the winner
Assessed type
Other