Lines of code
Vulnerability details
Original Issue
M-10 - PrizePool -> Winners wouldn't be able to claim prize correctly in claimPrize function
Details
In the previous implementation there was a risk of underflow when downcasting the value returned from _computePrizeSize(): it returned a uint256, and in _getTier() it was downcast to uint96.
Mitigation
The fix for this issue was to refactor the data type of the Tier.prizeSize variable: instead of being a uint96 it is now a uint104, and all the places where it is used were also updated to work with the new data type.
Also, in _computePrizeSize() there is a check to determine whether the new computedPrize exceeds the type(uint104).max value; if so, it returns type(uint104).max, otherwise it returns the computed value.
Conclusion
The implemented mitigation solves the original issue.
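The downcast and the clamp described under Details and Mitigation, side by side, as an added example that is not the audited project's code. The contract name, struct names, function names and the division used as a stand-in prize formula are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustration only: every identifier here is hypothetical except the
/// uint96 / uint104 widths and the clamp rule, which come from the report.
contract PrizeSizeDowncastExample {
    struct TierBefore { uint96 prizeSize; }   // field width before the fix
    struct TierAfter  { uint104 prizeSize; }  // field width after the fix

    /// Stand-in for the prize computation. It returns a uint256, as the report
    /// says _computePrizeSize() did before the fix. The formula is assumed.
    function _computeRaw(uint256 liquidity, uint256 prizeCount)
        internal pure returns (uint256)
    {
        require(prizeCount != 0, "prizeCount is zero");
        return liquidity / prizeCount;
    }

    /// Before: an explicit narrowing cast. Solidity 0.8 checks arithmetic but
    /// not explicit casts, so uint96(x) does not revert: the bits above the
    /// low 96 are discarded and a smaller, wrong prize size is stored.
    function tierBefore(uint256 liquidity, uint256 prizeCount)
        external pure returns (TierBefore memory)
    {
        return TierBefore({prizeSize: uint96(_computeRaw(liquidity, prizeCount))});
    }

    /// After: the computation itself returns the narrower type and saturates
    /// at type(uint104).max, so the cast can no longer lose bits.
    function _computeClamped(uint256 liquidity, uint256 prizeCount)
        internal pure returns (uint104)
    {
        uint256 raw = _computeRaw(liquidity, prizeCount);
        return raw > type(uint104).max ? type(uint104).max : uint104(raw);
    }

    function tierAfter(uint256 liquidity, uint256 prizeCount)
        external pure returns (TierAfter memory)
    {
        return TierAfter({prizeSize: _computeClamped(liquidity, prizeCount)});
    }
}
```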