Closed sherlock-admin2 closed 9 months ago
kgothatso
high
YoloV2 :: cancelAfterRandomnessRequest
The function can be called by anyone to cancel a round and cause a DoS attack.
Summary
There is no access control on the cancelAfterRandomnessRequest function.
Vulnerability Detail
An attacker can check if he/she is not a winner and just cancel the round before the withdraw.
Impact
An attacker can cancel until they win.
Code Snippet
https://github.com/sherlock-audit/2024-01-looksrare/blob/main/contracts-yolo/contracts/YoloV2.sol#L421
Tool used
Manual Review
Recommendation
Add a function modifier to the cancelAfterRandomnessRequest function.
Duplicate of #12