code-423n4 / 2023-08-pooltogether-findings


rngComplete() function is vulnerable to an array out of bounds error #136

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngRelayAuction.sol#L167-L169

Vulnerability details

Impact

A malicious actor can manipulate the AuctionResult[] passed to RewardLib.rewards() to make it return a short _rewards array.

Proof of Concept

The issue is that there is no check that i stays within the bounds of _rewards. If _rewards is shorter than expected, this loop could try to access elements past the end of the array, causing an out-of-bounds error.

Tools Used

Manual

Recommended Mitigation Steps

Bounds checking should be added.

Assessed type

Other

raymondfam commented 1 year ago

A known issue in the bot.

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-judge commented 1 year ago

HickupHH3 marked the issue as unsatisfactory: Insufficient proof

HickupHH3 commented 1 year ago

See #34.