The original issue arose because users could keep Tiers active when they should have been closed.
When claiming prizes, a variable largestTierClaimed was set to the tier from which the prizes were being claimed.
The original issue describes in detail how an attacker was able to keep a Tier active. As a result, newly added liquidity was not distributed to the new Tiers as it should have been, and most of the liquidity was concentrated in the highest open Tier. This left the rest of the Tiers without enough incentives for bots to claim the prizes on the user's behalf.
Mitigation
The mitigation simplifies the tier expansion algorithm and also unifies the canary and normal tiers by assigning an equal amount of shares to all the Tiers. Thanks to this unification, the largestTierClaimed variable is no longer needed when claiming prizes, so the attack vector is no longer possible: attackers can't keep a Tier active.
Conclusion
The implemented mitigation solves the original issue.
Lines of code
Vulnerability details
Original Issue
M-15 - Tiers can be maintained active to give unfair advantage to user through DoS #