Lines of code
Vulnerability details
Comments
The number of prize tiers in V5 is dynamic: it should only increase if a high enough portion of both the highest standard tier and the canary tier are claimed in a given prize draw. However, the previous implementation had a bug where the number of prize tiers would increase if at least 1 canary prize was claimed. As a result, there would be too many tiers for the available liquidity, leaving prizes too small to incentivise claiming.
Mitigation
The updated implementation does not distinguish between canary prize claims and normal prize tier claims when calculating the next number of tiers. The number of tiers for the next prize draw is now calculated only from the total number of claims that have been made (regardless of tier), so the original issue has been resolved.
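The difference between the two rules can be seen in a small model, added here as an illustration and not taken from the project's contracts. It assumes tier i holds 4**i prizes, the last tier is the canary tier, and liquidity is split evenly across tiers; all function names and constants are hypothetical.

```python
# Simplified model of the tier-count rule; not the project's contract code.
# Assumptions (not from the page): tier i holds 4**i prizes, the last tier is
# the canary tier, liquidity is split evenly across tiers, and the constants
# below are constructed for illustration.
MAX_TIERS = 10
GROW_PERCENT = 90  # hypothetical "high enough portion" of prizes claimed

def expected_prizes(num_tiers):
    return sum(4 ** t for t in range(num_tiers))

def next_tiers_buggy(num_tiers, claims):
    # Previous behaviour as described: one canary claim is enough to grow.
    if claims.get(num_tiers - 1, 0) >= 1:
        return min(num_tiers + 1, MAX_TIERS)
    return num_tiers

def next_tiers_fixed(num_tiers, claims):
    # Updated behaviour as described: only the total claim count matters.
    total = sum(claims.values())
    if total * 100 >= GROW_PERCENT * expected_prizes(num_tiers):
        return min(num_tiers + 1, MAX_TIERS)
    return num_tiers

def simulate(rule, draws, num_tiers=3):
    # Constructed claim pattern: tiers 0 and 1 fully claimed, plus exactly
    # one canary claim per draw.
    for _ in range(draws):
        claims = {0: 1, 1: 4}
        canary = num_tiers - 1
        claims[canary] = claims.get(canary, 0) + 1
        num_tiers = rule(num_tiers, claims)
    return num_tiers

def smallest_prize(liquidity, num_tiers):
    # Size of one prize in the last tier under the even-split assumption.
    return liquidity // num_tiers // 4 ** (num_tiers - 1)

if __name__ == "__main__":
    for rule in (next_tiers_buggy, next_tiers_fixed):
        tiers = simulate(rule, draws=5)
        print(rule.__name__, tiers, smallest_prize(1_000_000, tiers))
```

Under the old rule the tier count ratchets up by one every draw even though most prizes go unclaimed, and the smallest prize shrinks geometrically; under the total-claims rule the count stays put until claims cover the configured share of all prizes.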
Conclusion
LGTM