code-423n4 / 2024-02-thruster-findings


setMaxPrizeCount function may lock some prizes #10

Closed c4-bot-4 closed 6 months ago

c4-bot-4 commented 7 months ago

Lines of code

https://github.com/code-423n4/2024-02-thruster/blob/main/thruster-protocol/thruster-treasure/contracts/ThrusterTreasure.sol#L139-L142

Vulnerability details

Proof of Concept

When winners are selected, users can claim prizes at any time. claimPrizesForRound loops through maxPrizeCount prizes and checks whether the user is a winner.

The maxPrizeCount variable can be changed by the admin. If it is changed to a value smaller than the index of the maximum unclaimed prize for any round, that prize will be skipped and users will not be able to claim it anymore.

Example:

  1. maxPrizeCount is 10 and there is a prize with index 9 which a user has won.
  2. The user hasn't claimed the prize yet and the admin changes maxPrizeCount to 8.
  3. The user wants to claim the prize, but it's not possible.

Impact

Users can't claim prizes.

Tools Used

VsCode

Recommended Mitigation Steps

Do not allow maxPrizeCount to be changed.

Assessed type

Error
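The scenario above, reduced to a minimal contract. This is an added illustration, not the ThrusterTreasure code: the contract name, the `Prize` struct, `setPrizes`, `winners`, `prizeCountOfRound` and the two `claimPrizesForRound*` variants are hypothetical simplifications of the pattern the report describes (one winner per prize index, no Merkle proofs, no ERC20 transfers). The vulnerable variant bounds its loop by the current global `maxPrizeCount`; the hardened variant bounds it by a per-round snapshot taken when the round's prizes were set, which is an alternative to the report's recommendation of simply making `maxPrizeCount` immutable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical model of the reported pattern (not the Thruster code).
contract PrizeLockDemo {
    struct Prize {
        uint256 amount;
        bool claimed;
    }

    address public owner;
    uint256 public maxPrizeCount; // global, admin-adjustable loop bound (the bug)

    // round => prize index => prize
    mapping(uint256 => mapping(uint256 => Prize)) public prizes;
    // round => prize index => winner (assumption: exactly one winner per prize)
    mapping(uint256 => mapping(uint256 => address)) public winners;
    // Mitigation: how many prizes each round had when it was finalized
    mapping(uint256 => uint256) public prizeCountOfRound;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 _maxPrizeCount) {
        owner = msg.sender;
        maxPrizeCount = _maxPrizeCount;
    }

    /// Admin finalizes a round: prize amounts and winners, at most maxPrizeCount of them.
    function setPrizes(uint256 round, uint256[] calldata amounts, address[] calldata wins) external onlyOwner {
        require(amounts.length == wins.length, "length mismatch");
        require(amounts.length <= maxPrizeCount, "too many prizes");
        for (uint256 i = 0; i < amounts.length; i++) {
            prizes[round][i] = Prize(amounts[i], false);
            winners[round][i] = wins[i];
        }
        // Snapshot the count so later changes to maxPrizeCount cannot orphan indices.
        prizeCountOfRound[round] = amounts.length;
    }

    /// Unguarded setter: lowering the value below an unclaimed index strands that prize.
    function setMaxPrizeCount(uint256 newCount) external onlyOwner {
        maxPrizeCount = newCount;
    }

    /// VULNERABLE: loop bound is the *current* global setting.
    /// Scenario from the report: maxPrizeCount = 10, winner at index 9, admin sets
    /// maxPrizeCount = 8, then this returns 0 for that winner and index 9 is unreachable.
    function claimPrizesForRoundVulnerable(uint256 round) external returns (uint256 total) {
        for (uint256 i = 0; i < maxPrizeCount; i++) {
            if (winners[round][i] == msg.sender && !prizes[round][i].claimed) {
                prizes[round][i].claimed = true;
                total += prizes[round][i].amount;
            }
        }
    }

    /// HARDENED: loop bound is the per-round snapshot taken in setPrizes, so the
    /// same winner still collects the index-9 prize after maxPrizeCount drops to 8.
    function claimPrizesForRoundFixed(uint256 round) external returns (uint256 total) {
        uint256 n = prizeCountOfRound[round];
        for (uint256 i = 0; i < n; i++) {
            if (winners[round][i] == msg.sender && !prizes[round][i].claimed) {
                prizes[round][i].claimed = true;
                total += prizes[round][i].amount;
            }
        }
    }
}
```

Either fix works on its own: freezing `maxPrizeCount` (the report's recommendation) or binding each round to its own count. What must not happen is a claim loop whose upper bound can shrink after prizes at higher indices have already been awarded.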

jooleseth commented 6 months ago

28

0xEVom commented 6 months ago

I think this is actually a duplicate of #25

c4-judge commented 6 months ago

0xleastwood marked the issue as duplicate of #25

c4-judge commented 6 months ago

0xleastwood marked the issue as satisfactory