The auction duration is checked with the drawClosesAt instead of the closing time of the previous auction. Also it is not checked if the block number one is querying is the same as the block number of the last draw auction. This causes the bots to not call the function even when it is callable and hence causes the draw to not be awarded
function canStartDraw() public view returns (bool) {
uint24 drawId = prizePool.getDrawIdToAward();
uint48 drawClosesAt = prizePool.drawClosesAt(drawId);
StartDrawAuction memory lastStartDrawAuction = getLastStartDrawAuction();
return (
(
// if we're on a new draw
drawId != lastStartDrawAuction.drawId ||
// OR we're on the same draw, but the request has failed and we haven't retried too many times
(rng.isRequestFailed(lastStartDrawAuction.rngRequestId) && _startDrawAuctions.length <= maxRetries)
) && // we haven't started it, or we have and the request has failed
block.timestamp >= drawClosesAt && // the draw has closed
=> _computeElapsedTime(drawClosesAt, block.timestamp) <= auctionDuration // the draw hasn't expired
);
Impact
Bots relying on canStartDraw might not start the draw even when it is actually startable
Code Snippet
Tool used
Manual Review
Recommendation
Use the close time of the previous auction instead of the close time of the draw
hash
medium
Can start draw will return incorrectly
Summary
Can start draw will return incorrectly
Vulnerability Detail
The auction duration is checked with the
drawClosesAtinstead of the closing time of the previous auction. Also it is not checked if the block number one is querying is the same as the block number of the last draw auction. This causes the bots to not call the function even when it is callable and hence causes the draw to not be awardedlink
Impact
Bots relying on
canStartDrawmight not start the draw even when it is actually startableCode Snippet
Tool used
Manual Review
Recommendation
Use the close time of the previous auction instead of the close time of the draw
Duplicate of #129