code-423n4 / 2023-08-pooltogether-mitigation-findings

M-27 MitigationConfirmed #66

Open code423n4 opened 12 months ago

code423n4 commented 12 months ago

Lines of code

Vulnerability details

Issue mitigated

About the problem

Claimer.claimPrizes calculates the fee for claiming based on the prizePool.claimCount amount, without considering the prizePool.canaryClaimCount amount. Because of that, the fee was calculated incorrectly.

Solution

The PoolTogether team has changed how tiers are managed. Now they don't have such a thing as a canary tier. Now every time someone claims a prize (no matter on which tier), claimCount is increased. And this claimCount variable is used inside Claimer.claimPrizes, which is correct.

c4-judge commented 11 months ago

Picodes marked the issue as satisfactory

c4-judge commented 11 months ago

Picodes marked the issue as confirmed for report