Open c4-bot-4 opened 7 months ago
0xleastwood marked the issue as satisfactory
I would classify this as an admin mistake since the function setRoot very clearly starts a new round and winning tickets can only be set for the current round.
This is an admin mistake; I would consider it Low Severity given the likelihood that it happens.
jooleseth marked the issue as disagree with severity
jooleseth (sponsor) acknowledged
Requires admin mistake, agree with low severity.
0xleastwood removed the grade
0xleastwood changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2024-02-thruster/blob/main/thruster-protocol/thruster-treasure/contracts/ThrusterTreasure.sol#L257
Vulnerability details
Proof of Concept
When winners are selected, the currentTickets value is used to calculate the winning ticket. This value is updated when setRoot is called and a new round is started. Everyone can then add new tickets, which increases currentTickets.
If setRoot is called before setWinningTickets for the current round, then setWinningTickets will use the wrong currentTickets value and the result will be incorrect.
Impact
Incorrect winner selection is possible.
Tools Used
VsCode
Recommended Mitigation Steps
Store, for each round, whether winner selection has finished, and only allow a new round to be created once it has.
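The round lifecycle from the proof of concept with the mitigation applied, as an added illustration that is not ThrusterTreasure's code: a constructed, simplified contract in which setRoot refuses to open a new round until setWinningTickets has recorded the current one as finished. The names currentRound, enter() and winnersSelected are assumptions made for this example.

```solidity
pragma solidity ^0.8.20;

// Constructed, simplified model of the round lifecycle described in the
// finding; it is NOT ThrusterTreasure's code. currentRound, enter() and
// winnersSelected are assumed names added for illustration.
contract RoundLifecycle {
    address public immutable owner;
    uint256 public currentRound;
    uint256 public currentTickets; // tickets entered in the current round
    bytes32 public root;
    // Mitigation: per-round record that winner selection has finished.
    mapping(uint256 => bool) public winnersSelected;
    mapping(uint256 => uint256) public winningTicket;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Anyone can enter while a round is open; this grows currentTickets.
    function enter(uint256 amount) external {
        require(currentRound > 0, "no round open");
        currentTickets += amount;
    }

    // Starts a new round. Without the first require, calling this before
    // setWinningTickets for the open round resets currentTickets, and the
    // later draw for that round uses the wrong count (the reported bug).
    function setRoot(bytes32 newRoot) external onlyOwner {
        require(currentRound == 0 || winnersSelected[currentRound], "round not finished");
        currentRound += 1;
        currentTickets = 0;
        root = newRoot;
    }

    // Draws the winning ticket for the open round from currentTickets and
    // marks the round finished, which is what unblocks the next setRoot.
    function setWinningTickets(uint256 randomness) external onlyOwner {
        require(!winnersSelected[currentRound], "already selected");
        require(currentTickets > 0, "no tickets");
        winningTicket[currentRound] = randomness % currentTickets;
        winnersSelected[currentRound] = true;
    }
}
```

With the guard in place, an admin who calls setRoot out of order gets a revert instead of silently corrupting the draw for the previous round.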
Assessed type
Error