Closed sherlock-admin3 closed 2 months ago
1 comment(s) were left on this issue during the judging contest.
infect3d commented:
from project docs: ""The startDraw auction process may be slightly different on each chain and depends on the RNG source that is being used for the prize pool.""
trachev
high
The protocol will not function on many of the required chains
Summary
Many of the chains where the smart contracts are intended to be deployed on do not support the Witnet protocols, causing an integral part of the protocol, the random winning number generation, to not be supported.
Vulnerability Detail
The competition page states that it is important for issues with compatibility with the different chains to be reported:
We're interested to know if there will be any issues deploying the code as-is to any of these chains, and whether their opcodes fully support our application.
Here are the chains where the contracts will be deployed: Arbitrum, Ethereum, Gnosis, Blast, Linea, Scroll, zkSync, Avalanche, Polygon, Zerion. Witnet has not deployed their contracts on the following: Gnosis (only testnet is supported), Blast, Linea, zkSync, Zerion. For reference, here are all chains supported by Witnet: https://docs.witnet.io/smart-contracts/witnet-randomness-oracle/contract-addresses.Impact
The protocol cannot function on several different chains.
Code Snippet
https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/README.md#q-on-what-chains-are-the-smart-contracts-going-to-be-deployed https://github.com/sherlock-audit/2024-05-pooltogether/blob/1aa1b8c028b659585e4c7a6b9b652fb075f86db3/pt-v5-rng-witnet/src/RngWitnet.sol#L4
Tool used
Manual Review
Recommendation
For the chains referenced above use a different source of randomness, such as the Chainlink VRF.
Duplicate of #127