code-423n4 / 2023-08-pooltogether-mitigation-findings


M-10 MitigationConfirmed #85

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Original Issue

M-10 - PrizePool -> Winners wouldn't be able to claim prize correctly in claimPrize function

Details

In the previous implementation, there was a risk of underflow when downcasting the value returned from _computePrizeSize(): it returned a uint256, and in _getTier() it was downcast to uint96.

Mitigation

The fix for this issue was to refactor the datatype of the Tier.prizeSize variable: instead of being a uint96, it is now a uint104, and all the places where this function is used were also updated to work with the new datatype.

Conclusion

The implemented mitigation solves the original issue.
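
The downcast behaviour discussed in the review above, as an added Solidity example that is not part of the original comment or of the PoolTogether code base. The contract, function and error names are hypothetical, the sample value is constructed, and the checked cast is an extra defensive variant that the page does not describe.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration only; every name here is hypothetical.
contract DowncastDemo {
    error PrizeSizeTooLarge(uint256 value);

    /// Explicit narrowing cast. Solidity 0.8 checks arithmetic, not casts:
    /// this never reverts and silently keeps only the low 96 bits.
    function truncatingCast(uint256 prizeSize) public pure returns (uint96) {
        return uint96(prizeSize);
    }

    /// Same cast with the wider target type used by the mitigation.
    /// Values that fit in 104 bits are preserved; larger ones would
    /// still be truncated, because the cast itself is still unchecked.
    function widenedCast(uint256 prizeSize) public pure returns (uint104) {
        return uint104(prizeSize);
    }

    /// Defensive variant (assumption, not from the page): revert rather
    /// than store a truncated prize size.
    function checkedCast(uint256 prizeSize) public pure returns (uint104) {
        if (prizeSize > type(uint104).max) revert PrizeSizeTooLarge(prizeSize);
        return uint104(prizeSize);
    }

    /// Constructed sample: the smallest value that no longer fits in a uint96.
    /// Returns whether each cast round-trips back to the original value.
    function demo() external pure returns (bool narrowIntact, bool wideIntact) {
        uint256 prizeSize = uint256(type(uint96).max) + 1;
        narrowIntact = uint256(truncatingCast(prizeSize)) == prizeSize;
        wideIntact = uint256(widenedCast(prizeSize)) == prizeSize;
    }
}
```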

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

c4-judge commented 1 year ago

Picodes marked the issue as confirmed for report