code-423n4 / 2023-08-pooltogether-findings


integer underflow vulnerability in the _fractionalReward() function #132

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngRelayAuction.sol#L250-L257

Vulnerability details

Impact

It could cause an integer underflow when calculating the reward fraction, resulting in the attacker getting more rewards than intended. True or false, explain in detail, show relevant code and explain proof of co

Proof of Concept

The RewardLib.fractionalReward() takes _elapsedSeconds as one of its parameters. If an attacker provides a very large _elapsedSeconds value near UINT64_MAX, when it is subtracted from _auctionDurationSeconds, it could underflow and become a very small number.

Tools Used

Manual

Recommended Mitigation Steps

Add a check to ensure _elapsedSeconds is less than _auctionDurationSeconds before calling RewardLib.fractionalReward():

Assessed type

Under/Overflow
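The report's mitigation stops at the colon, so here is what the recommended bound looks like alongside the two arithmetic modes that decide whether an underflow can actually wrap. This is an added illustration, not code from the PoolTogether repository: `ElapsedGuardExample`, `remainingChecked`, `remainingImplicit`, `remainingUnchecked` and the custom error are hypothetical names, and the example assumes the auction contract compiles under Solidity 0.8 or later, where `duration - elapsed` is checked arithmetic and reverts with `Panic(0x11)` rather than wrapping. Only an `unchecked` block would produce the wrapped value the report describes, which is why the explicit guard is a readability and error-message improvement rather than a fix for a silent underflow.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// @notice Illustrative guard, not the project's RewardLib. Demonstrates:
///   (1) the explicit elapsed <= duration check the report recommends,
///   (2) that Solidity >=0.8 checked arithmetic already reverts on underflow,
///   (3) the wrap that only happens inside an `unchecked` block.
contract ElapsedGuardExample {
    /// Hypothetical custom error: cheaper and more descriptive than a bare Panic.
    error ElapsedExceedsDuration(uint64 elapsed, uint64 duration);

    /// Recommended shape: reject out-of-range input before any arithmetic,
    /// so callers get a typed error instead of Panic(0x11).
    function remainingChecked(uint64 elapsed, uint64 duration) public pure returns (uint64) {
        if (elapsed > duration) revert ElapsedExceedsDuration(elapsed, duration);
        return duration - elapsed;
    }

    /// Without the explicit check, default 0.8 arithmetic still reverts with
    /// Panic(0x11) when elapsed > duration; no wrapped value ever reaches a
    /// reward calculation.
    function remainingImplicit(uint64 elapsed, uint64 duration) public pure returns (uint64) {
        return duration - elapsed;
    }

    /// Shown for contrast only: inside `unchecked` the subtraction wraps, e.g.
    /// remainingUnchecked(1, 0) == type(uint64).max. Code paths that use
    /// `unchecked` for gas savings are where an elapsed/duration bound matters.
    function remainingUnchecked(uint64 elapsed, uint64 duration) public pure returns (uint64) {
        unchecked {
            return duration - elapsed;
        }
    }
}
```

When reviewing a report like this one, the first thing to confirm is the pragma and whether the subtraction sits inside an `unchecked` block; if neither applies, the underflow reverts and the severity claim of "more rewards than intended" does not hold, which matches the judge's assessment below.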

raymondfam commented 1 year ago

Over-inflated and a known QA issue in the bot.

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-judge commented 1 year ago

HickupHH3 marked the issue as unsatisfactory: Overinflated severity