c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
Issue mitigated
About the problem
_computeNextNumberOfTiersfunction was implemented in such way, that even if not enough prizes for canary tier were claimed, then it increased tiers amount. So it was enough just to have 1 canary tier prize claimed and amount of tiers will be increased.Solution
Pool together team has changed prize logic a lot. Now we don't have such thing as canary tier. Every time, when someone claim prize, then
claimCountis increased. And thisclaimCountvariable is used to detect amount of tiers for the next draw. So before that change, tiers count for the next draw depended on the last claimed tier, which was possible to manipulate by claiming it without profit to make next draw to be created with at least same amount of tiers to make it not profitable to claim prizes for users. Now tiers amount depends on amount of claimed prizes in previous draw.