Lines of code
https://github.com/code-423n4/2024-02-thruster/blob/main/thruster-protocol/thruster-treasure/contracts/ThrusterTreasure.sol#L139-L142
Vulnerability details
Proof of Concept
Once the winners for a round have been selected, users can claim their prizes at any time.
claimPrizesForRound loops over maxPrizeCount prize slots and checks, for each one, whether the caller is the winner.
maxPrizeCount is a global variable that the admin can change at any time. If it is lowered below the index of a prize that is still unclaimed in some round, the claim loop never reaches that index, so the prize is skipped and its winner can no longer claim it.
Example:
maxPrizeCount is 10 and a user has won the prize with index 9.
The user has not claimed the prize yet, and the admin changes maxPrizeCount to 8.
The loop in claimPrizesForRound now only covers indices 0 to 7, so the prize with index 9 is never checked and remains unclaimable.
Impact
Users cannot claim prizes they have already won once maxPrizeCount is lowered below the index of their prize.
Tools Used
VsCode
Recommended Mitigation Steps
Do not allow maxPrizeCount to be changed, or at least do not allow it to be lowered while prizes are unclaimed. Alternatively, record the prize count for each round at the time the round's prizes are set and use that per-round value as the loop bound in claimPrizesForRound, so that later changes to maxPrizeCount cannot affect rounds whose prizes are already assigned.
Assessed type
Error
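The scenario from the proof of concept and the per-round snapshot suggested in the mitigation, as an added example written for this report. It is a simplified, hypothetical contract (PrizeClaimSketch), not ThrusterTreasure.sol or any other Thruster code; the Prize struct, setRound, winnerOf, prizeCountAtRound and the two claim functions are assumptions that only reproduce the loop shape the finding describes. With maxPrizeCount set to 10, a winner of prize index 9, and the admin then calling setMaxPrizeCount(8), claimPrizesForRoundVulnerable stops at index 7 and never pays out, while claimPrizesForRound uses the count frozen when the round was configured and still does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch for illustration only; not the project's contract.
contract PrizeClaimSketch {
    struct Prize { address token; uint256 amount; bool claimed; }

    address public owner;
    uint256 public maxPrizeCount;                         // global, owner-mutable (the bug)
    mapping(uint256 => uint256) public prizeCountAtRound;  // per-round snapshot (the fix)
    mapping(uint256 => Prize[]) internal prizes;           // round => prizes, index == prize id
    mapping(uint256 => mapping(uint256 => address)) public winnerOf; // round => prize id => winner

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(uint256 _maxPrizeCount) {
        owner = msg.sender;
        maxPrizeCount = _maxPrizeCount;
    }

    // The admin can lower this at any time, even while prizes are unclaimed.
    function setMaxPrizeCount(uint256 n) external onlyOwner { maxPrizeCount = n; }

    // Admin configures prizes and winners for a round. The prize count used for
    // claiming this round is frozen here, so later setMaxPrizeCount calls cannot hide prizes.
    function setRound(uint256 round, Prize[] calldata p, address[] calldata winners) external onlyOwner {
        require(p.length == winners.length && p.length <= maxPrizeCount, "bad round");
        delete prizes[round];
        for (uint256 i = 0; i < p.length; i++) {
            prizes[round].push(p[i]);
            winnerOf[round][i] = winners[i];
        }
        prizeCountAtRound[round] = p.length;
    }

    // Vulnerable shape: the loop bound is read from the mutable global at claim time.
    // After setMaxPrizeCount(8), indices 8 and 9 of every round are never visited.
    function claimPrizesForRoundVulnerable(uint256 round) external returns (uint256 claimed) {
        for (uint256 i = 0; i < maxPrizeCount && i < prizes[round].length; i++) {
            claimed += _claim(round, i);
        }
    }

    // Hardened shape: the loop bound is the count snapshotted when the round was set.
    function claimPrizesForRound(uint256 round) external returns (uint256 claimed) {
        for (uint256 i = 0; i < prizeCountAtRound[round]; i++) {
            claimed += _claim(round, i);
        }
    }

    // Pays out prize i of a round to the caller if they won it and it is unclaimed.
    // Returns 1 if a prize was claimed, 0 otherwise; the token transfer is omitted here.
    function _claim(uint256 round, uint256 i) internal returns (uint256) {
        Prize storage prize = prizes[round][i];
        if (prize.claimed || winnerOf[round][i] != msg.sender) return 0;
        prize.claimed = true;
        return 1;
    }
}
```

The snapshot approach is the less disruptive of the two mitigations: the admin keeps the ability to change maxPrizeCount for future rounds, but the bound that claimPrizesForRound actually iterates over is fixed at the moment the round's prizes are assigned, so a later decrease cannot strand a prize that has already been won.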