The issue was about incorrectly setting the Tier Odds, specifically for the highest tier.
As per the documentation, the Canary Tier and the highest normal prize tier should be 1, and in the previous implementation, only the Canary Tier was set to 1.
Mitigation
As part of the mitigation, new logic to set the Tier Odds at construction time was introduced.
Now, when the contract is deployed, it is computed the estimated prizes for all the different available tiers, a min, and a max number of tiers are set (3-10, respectively), and the Tier Odds are computed in the constructor().
The new update fixes the issue of not setting correctly the highest normal tier.
Lines of code
Vulnerability details
Original Issue
M-12 - Tier odds in TieredLiquidityDistributor are incorrect
Details
The issue was about incorrectly setting the Tier Odds, specifically for the highest tier.
Mitigation
Now, when the contract is deployed, it is computed the estimated prizes for all the different available tiers, a min, and a max number of tiers are set (3-10, respectively), and the Tier Odds are computed in the constructor().
TIER_ODDS_0_3 = TierCalculationLib.getTierOdds(0, 2, _grandPrizePeriodDraws); TIER_ODDS_1_3 = SD59x18.wrap(1000000000000000000); TIER_ODDS_2_3 = SD59x18.wrap(1000000000000000000); TIER_ODDS_0_4 = TierCalculationLib.getTierOdds(0, 3, _grandPrizePeriodDraws); TIER_ODDS_1_4 = TierCalculationLib.getTierOdds(1, 3, _grandPrizePeriodDraws); TIER_ODDS_2_4 = SD59x18.wrap(1000000000000000000); TIER_ODDS_3_4 = SD59x18.wrap(1000000000000000000); TIER_ODDS_0_5 = TierCalculationLib.getTierOdds(0, 4, _grandPrizePeriodDraws); TIER_ODDS_1_5 = TierCalculationLib.getTierOdds(1, 4, _grandPrizePeriodDraws); TIER_ODDS_2_5 = TierCalculationLib.getTierOdds(2, 4, _grandPrizePeriodDraws); TIER_ODDS_3_5 = SD59x18.wrap(1000000000000000000); TIER_ODDS_4_5 = SD59x18.wrap(1000000000000000000); TIER_ODDS_0_6 = TierCalculationLib.getTierOdds(0, 5, _grandPrizePeriodDraws); TIER_ODDS_1_6 = TierCalculationLib.getTierOdds(1, 5, _grandPrizePeriodDraws); TIER_ODDS_2_6 = TierCalculationLib.getTierOdds(2, 5, _grandPrizePeriodDraws); TIER_ODDS_3_6 = TierCalculationLib.getTierOdds(3, 5, _grandPrizePeriodDraws); TIER_ODDS_4_6 = SD59x18.wrap(1000000000000000000); TIER_ODDS_5_6 = SD59x18.wrap(1000000000000000000);
... ... ... }
Conclusion
The implemented mitigation solves the original issue.