search

code-423n4 / 2023-08-pooltogether-mitigation-findings

0 stars 0 forks source link

M-16 MitigationConfirmed #56

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Issue mitigated

About the problem

This report talks about the case, when _nextNumberOfTiers >= MAXIMUM_NUMBER_OF_TIERS inside _computeNextNumberOfTiers function. In this case, _nextNumberOfTiers variable will be returned as amount of tiers to be created for next draw, which is incorrect.

Solution

Old way of tiers calculation for the next draw has been removed. Now every time, when someone claim prize, then claimCount is increased. And this claimCount variable is used to detect amount of tiers for the next draw. As result, this issue doesn't exist anymore.

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

c4-judge commented 1 year ago

Picodes marked the issue as nullified