There is no check for maxHoldings(max no of tickets a player can hold) and minTickets(min tickets needed to start a raffle).
Vulnerability Detail
In WinnablesTicketManger::createRaffle there is no check for maxHoldings and minTickets to not be equal bcoz of which a malicious user can buy all the tickets if admin enters value of both same by mistake.If malicious user see an admin make this mistake and buy all the tickets up to minTickets and win the contest.
gululu
Medium
A raffle with 100% win rate can be created.
Summary
There is no check for maxHoldings(max no of tickets a player can hold) and minTickets(min tickets needed to start a raffle).
Vulnerability Detail
In WinnablesTicketManger::createRaffle there is no check for maxHoldings and minTickets to not be equal bcoz of which a malicious user can buy all the tickets if admin enters value of both same by mistake.If malicious user see an admin make this mistake and buy all the tickets up to minTickets and win the contest.
Impact
A raffle can have 100% win rate
Code Snippet
https://github.com/sherlock-audit/2024-08-winnables-raffles/blob/main/public-contracts/contracts/WinnablesTicketManager.sol#L252
Tool used
Manual Review
Recommendation
Add a check for
if (maxHoldings = minTickets)revert it