evmboi32 - Users can be unable to claim rewards

[sherlock-admin2]

evmboi32

high

Users can be unable to claim rewards

Summary## Summary

Users can be denied rewards that they won.

Vulnerability Detail

If two or more users win a prize at tier 0 at the same draw, only one can claim the reward.

Impact

Since only one user can claim the tier 0 prize, others will be unable to claim a reward that they won.

Code Snippet

https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-prize-pool/src/PrizePool.sol#L569

https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-prize-pool/src/PrizePool.sol#L590

Tool used

Manual Review

Recommendation

The reward should instead be split amongst all winners that won in that draw.

Coded POC

Add the following code to the PrizeVault.t.sol file. Run with forge test --match-path ./test/PrizePool.t.sol -vvv

import { MAXIMUM_NUMBER_OF_TIERS, MINIMUM_NUMBER_OF_TIERS, NUMBER_OF_CANARY_TIERS, InsufficientLiquidity } from "../src/abstract/TieredLiquidityDistributor.sol";

function testIsWinnerGrandPrizeShouldSplit() public {
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");
    address vault = address(this);

    uint8 _tier = 0;
    uint8 _prizeIndex = 0;

    vm.prank(alice);
    contribute(100e18, vault);
    vm.prank(bob);
    contribute(100e18, vault);

    awardDraw(winningRandomNumber);

    mockTwabForUser(vault, alice, _tier, 366e30);
    mockTwabForUser(vault, bob, _tier, 366e30);
    mockTwabTotalSupply(vault, _tier, 1e30);

    assertEq(prizePool.isWinner(vault, alice, _tier, _prizeIndex), true);
    assertEq(prizePool.isWinner(vault, bob, _tier, _prizeIndex), true);
    uint256 prize = claimPrize(alice, _tier, _prizeIndex);

    vm.expectRevert(
      abi.encodeWithSelector(InsufficientLiquidity.selector, prize)
    );

    uint256 prize2 = claimPrize(bob, _tier, _prizeIndex);
}

Vulnerability Detail

Impact

Code Snippet

Tool used

Manual Review

Recommendation

Duplicate of #112

[sherlock-admin3]

1 comment(s) were left on this issue during the judging contest.

infect3d commented:

tier0 has only 1 winner per draw