Closed sherlock-admin2 closed 2 months ago
evmboi32
high
# Users can be unable to claim rewards
## Summary
Users can be denied rewards that they won.
## Vulnerability Detail
If two or more users win a prize at tier 0 at the same draw, only one can claim the reward.
## Impact
Since only one user can claim the tier 0 prize, others will be unable to claim a reward that they won.
## Code Snippet
https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-prize-pool/src/PrizePool.sol#L569
https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-prize-pool/src/PrizePool.sol#L590
## Tool used
Manual Review
## Recommendation
The reward should instead be split amongst all winners that won in that draw.
## Coded POC
Add the following code to the `PrizeVault.t.sol` file. Run with `forge test --match-path ./test/PrizePool.t.sol -vvv`

```solidity
import {
  MAXIMUM_NUMBER_OF_TIERS,
  MINIMUM_NUMBER_OF_TIERS,
  NUMBER_OF_CANARY_TIERS,
  InsufficientLiquidity
} from "../src/abstract/TieredLiquidityDistributor.sol";

function testIsWinnerGrandPrizeShouldSplit() public {
  address alice = makeAddr("alice");
  address bob = makeAddr("bob");
  address vault = address(this);
  uint8 _tier = 0;
  uint8 _prizeIndex = 0;

  // Both users contribute through the same vault.
  vm.prank(alice);
  contribute(100e18, vault);
  vm.prank(bob);
  contribute(100e18, vault);

  awardDraw(winningRandomNumber);

  // Mock the TWAB values for both users and the vault total supply.
  mockTwabForUser(vault, alice, _tier, 366e30);
  mockTwabForUser(vault, bob, _tier, 366e30);
  mockTwabTotalSupply(vault, _tier, 1e30);

  // Both users are reported as winners of the same tier 0 prize.
  assertEq(prizePool.isWinner(vault, alice, _tier, _prizeIndex), true);
  assertEq(prizePool.isWinner(vault, bob, _tier, _prizeIndex), true);

  // Alice claims first.
  uint256 prize = claimPrize(alice, _tier, _prizeIndex);

  // Bob's claim of the same prize is expected to revert with InsufficientLiquidity.
  vm.expectRevert(
    abi.encodeWithSelector(InsufficientLiquidity.selector, prize)
  );
  uint256 prize2 = claimPrize(bob, _tier, _prizeIndex);
}
```
Duplicate of #112
1 comment(s) were left on this issue during the judging contest.
infect3d commented:
tier0 has only 1 winner per draw