code-423n4 / 2023-08-pooltogether-mitigation-findings


H-08 MitigationConfirmed #34

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Issue mitigated

About the problem

The PrizePool.increaseReserve function doesn't track funds that were sent as prize token balance. This allows anyone who calls the contributePrizeTokens function to steal those tokens and use them to increase their own chances to win.

Solution

This was solved by tracking the contributed amount in the _accountedBalance function. All contributed balance is now accumulated in the directlyContributedReserve variable.
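To illustrate the accounting change this comment describes, the following is a constructed Python model added here; it is not PoolTogether's code. It assumes that contributePrizeTokens credits a vault only for pool balance not covered by _accountedBalance(), and that before the fix increaseReserve left its tokens out of that figure; the class, method and vault names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class PrizePoolModel:
    """Minimal model of the prize-token accounting (constructed, not the contract)."""
    mitigated: bool                     # False: original increaseReserve; True: fixed
    token_balance: int = 0              # stands in for prizeToken.balanceOf(pool)
    total_contributed: int = 0          # contributions already credited to vaults
    reserve: int = 0                    # reserve funded through increase_reserve
    directly_contributed_reserve: int = 0
    vault_credit: dict = field(default_factory=dict)

    def _accounted_balance(self) -> int:
        # Tokens the pool already knows about. The fix adds the directly
        # contributed reserve so those tokens are no longer "unaccounted".
        accounted = self.total_contributed
        if self.mitigated:
            accounted += self.directly_contributed_reserve
        return accounted

    def increase_reserve(self, amount: int) -> None:
        self.token_balance += amount    # sponsor transfers prize tokens in
        self.reserve += amount
        if self.mitigated:
            self.directly_contributed_reserve += amount

    def contribute_prize_tokens(self, vault: str, sent: int, amount: int) -> None:
        # Caller first transfers `sent` tokens, then claims `amount` for a vault.
        # Only balance not covered by _accounted_balance() may be claimed.
        self.token_balance += sent
        delta = self.token_balance - self._accounted_balance()
        if delta < amount:
            raise ValueError("contribution exceeds unaccounted balance")
        self.vault_credit[vault] = self.vault_credit.get(vault, 0) + amount
        self.total_contributed += amount

    def accounting_holds(self) -> bool:
        # Invariant for this model (reserve is fed only by increase_reserve):
        # tokens claimed by the reserve plus by vaults never exceed the real balance.
        return self.reserve + self.total_contributed <= self.token_balance


def reserve_topup_then_zero_contribution(mitigated: bool) -> tuple:
    """Reserve is topped up by 100; a vault then claims 100 having sent nothing.
    Returns (tokens credited to the vault, whether the invariant still holds)."""
    pool = PrizePoolModel(mitigated=mitigated)
    pool.increase_reserve(100)
    try:
        pool.contribute_prize_tokens("vault-A", sent=0, amount=100)
    except ValueError:
        pass                            # the mitigated pool rejects the claim
    return pool.vault_credit.get("vault-A", 0), pool.accounting_holds()


if __name__ == "__main__":
    print("original:", reserve_topup_then_zero_contribution(False))   # (100, False)
    print("mitigated:", reserve_topup_then_zero_contribution(True))   # (0, True)
```

The invariant check is the kind of assertion a test suite or invariant fuzzer would carry to catch this class of double counting before deployment.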

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory