code-423n4 / 2024-02-thruster-findings


Upgraded Q -> 2 from #21 [1710810629649] #33

Closed c4-judge closed 6 months ago

c4-judge commented 6 months ago

Judge has assessed an item in Issue #21 as 2 risk. The relevant finding follows:

[L-02] User may still enter tickets when the winning tickets are set

Proof of Concept

When entering tickets, it checks that the length of the winning tickets for prizeIndex 0 is zero:

    require(winningTickets[currentRound_][0].length == 0, "ET");

But in setWinningTickets(), it's possible for the admin to set other prizeIndex winning tickets first because there is no check to ensure the prizeIndex 0 winning tickets are set first. As a result, if prizeIndex 0 tickets are not set first, a user may still enter tickets.
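A minimal Solidity model of the ordering gap described in this finding, added here as an example; it is not the Thruster contract or the warden's code. Apart from the quoted `require`, `setWinningTickets` and `prizeIndex`, every name, signature, the `uint256` ticket type and the `"P0"` and `"empty"` revert strings are assumptions, and the admin access check is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model of the entry gate quoted in the finding (assumed layout,
// not the audited contract). Admin access control is omitted for brevity.
contract LotteryGateModel {
    uint256 public currentRound = 1;
    // round => prizeIndex => winning ticket ids
    mapping(uint256 => mapping(uint256 => uint256[])) public winningTickets;
    // round => number of tickets entered
    mapping(uint256 => uint256) public entries;

    // Gate as quoted in the finding: only prizeIndex 0 is inspected.
    function enterTickets(uint256 amount) external {
        require(winningTickets[currentRound][0].length == 0, "ET");
        entries[currentRound] += amount;
    }

    // Behaviour the finding describes: any prizeIndex may be set first, so
    // setting index 1 before index 0 leaves enterTickets() open.
    function setWinningTickets(uint256 prizeIndex, uint256[] calldata tickets) external {
        winningTickets[currentRound][prizeIndex] = tickets;
    }

    // Hardened variant (assumed fix): a non-zero prizeIndex is accepted only
    // after index 0 holds winners, so the "ET" gate closes with the first
    // winner recorded for the round.
    function setWinningTicketsOrdered(uint256 prizeIndex, uint256[] calldata tickets) external {
        require(tickets.length > 0, "empty");
        require(
            prizeIndex == 0 || winningTickets[currentRound][0].length != 0,
            "P0"
        );
        winningTickets[currentRound][prizeIndex] = tickets;
    }
}
```

Calling `setWinningTickets(1, ...)` and then `enterTickets(1)` succeeds in this model, while the same sequence through `setWinningTicketsOrdered` reverts with `"P0"` before any winner is stored.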

c4-judge commented 6 months ago

0xleastwood marked the issue as satisfactory

c4-judge commented 6 months ago

0xleastwood marked the issue as duplicate of #28

c4-judge commented 6 months ago

0xleastwood marked the issue as partial-50

0xleastwood commented 6 months ago

Giving partial credit because it fails to assess the risk of users entering right before prize distribution. Hence, they will not be eligible for a prize.