trachev - The protocol will not function on many of the required chains

[sherlock-admin3]

trachev

high

The protocol will not function on many of the required chains

Summary

Many of the chains where the smart contracts are intended to be deployed on do not support the Witnet protocols, causing an integral part of the protocol, the random winning number generation, to not be supported.

Vulnerability Detail

The competition page states that it is important for issues with compatibility with the different chains to be reported: We're interested to know if there will be any issues deploying the code as-is to any of these chains, and whether their opcodes fully support our application. Here are the chains where the contracts will be deployed: Arbitrum, Ethereum, Gnosis, Blast, Linea, Scroll, zkSync, Avalanche, Polygon, Zerion. Witnet has not deployed their contracts on the following: Gnosis (only testnet is supported), Blast, Linea, zkSync, Zerion. For reference, here are all chains supported by Witnet: https://docs.witnet.io/smart-contracts/witnet-randomness-oracle/contract-addresses.

Impact

The protocol cannot function on several different chains.

Code Snippet

https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/README.md#q-on-what-chains-are-the-smart-contracts-going-to-be-deployed https://github.com/sherlock-audit/2024-05-pooltogether/blob/1aa1b8c028b659585e4c7a6b9b652fb075f86db3/pt-v5-rng-witnet/src/RngWitnet.sol#L4

Tool used

Manual Review

Recommendation

For the chains referenced above use a different source of randomness, such as the Chainlink VRF.

Duplicate of #127

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

infect3d commented:

from project docs: ""The startDraw auction process may be slightly different on each chain and depends on the RNG source that is being used for the prize pool.""