sherlock-audit / 2024-08-winnables-raffles-judging


anonimoux2k - Missing validation on minTickets and maxTickets in createRaffle function #610

Closed sherlock-admin3 closed 3 months ago

sherlock-admin3 commented 3 months ago

anonimoux2k

Invalid

Missing validation on minTickets and maxTickets in createRaffle function

Summary

The missing check minTickets <= maxTickets in the createRaffle function of the WinnablesTicketManager.sol contract will cause all raffles with minTickets > maxTickets to have their prizes permanently locked on Ethereum and also not refunded to players on Avalanche.

Root Cause

No response

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

The missing check above allows the admin to successfully create raffles where minTickets is greater than maxTickets.

Impact

Without this constraint check the raffle is still created successfully and players can still purchase tickets normally, but after the ticket purchase stage ends the raffle cannot move to the draw-winner step. This leads to the inability to propagate the winner to WinnablesPrizeManager, as well as the inability to cancel the raffle. As a result, the prize will be permanently locked in WinnablesPrizeManager, while WinnablesTicketManager cannot refund the players.

PoC

No response

Mitigation

Add a constraint between minTickets and maxTickets to ensure that minTickets <= maxTickets.
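The following is an added illustration of the reported configuration and the proposed mitigation; it is a minimal hypothetical model written for this issue, not the Winnables contracts. Contract, function and error names (RaffleModel, createRaffleUnchecked, canDraw, InvalidTicketBounds, ...) are assumptions. It keeps only the pieces the finding relies on: purchases are capped at maxTickets, and the draw step requires at least minTickets sold. Because the cap and the threshold are both enforced, no sales count can satisfy both once minTickets > maxTickets, so the creation-time check is the right place to reject the configuration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical raffle model for this issue (not the Winnables code).
contract RaffleModel {
    enum Status { NONE, OPEN, DRAWN }

    struct Raffle {
        uint32 minTickets; // draw threshold
        uint32 maxTickets; // purchase cap
        uint32 sold;
        uint64 endsAt;
        Status status;
    }

    mapping(uint256 => Raffle) public raffles;

    error InvalidTicketBounds(uint32 minTickets, uint32 maxTickets);
    error RaffleClosed();
    error SoldOut();
    error CannotDraw();

    // Before: each bound is validated on its own, so minTickets > maxTickets
    // is accepted and the raffle opens in an unwinnable configuration.
    function createRaffleUnchecked(uint256 id, uint32 minTickets, uint32 maxTickets, uint64 endsAt) external {
        if (maxTickets == 0) revert InvalidTicketBounds(minTickets, maxTickets);
        raffles[id] = Raffle(minTickets, maxTickets, 0, endsAt, Status.OPEN);
    }

    // After: the relation between the two bounds is checked at creation,
    // which is the only point where the contradiction can be rejected cheaply.
    function createRaffle(uint256 id, uint32 minTickets, uint32 maxTickets, uint64 endsAt) external {
        if (!ticketBoundsConsistent(minTickets, maxTickets)) {
            revert InvalidTicketBounds(minTickets, maxTickets);
        }
        raffles[id] = Raffle(minTickets, maxTickets, 0, endsAt, Status.OPEN);
    }

    /// The invariant the mitigation enforces: a non-empty supply whose
    /// threshold is reachable under the cap.
    function ticketBoundsConsistent(uint32 minTickets, uint32 maxTickets) public pure returns (bool) {
        return maxTickets > 0 && minTickets <= maxTickets;
    }

    // Purchases never push `sold` past maxTickets.
    function buy(uint256 id, uint32 count) external {
        Raffle storage r = raffles[id];
        if (r.status != Status.OPEN || block.timestamp >= r.endsAt) revert RaffleClosed();
        if (uint256(r.sold) + count > r.maxTickets) revert SoldOut();
        r.sold += count;
    }

    /// Draw eligibility: sales are over (deadline passed or sold out) and the
    /// threshold is met. With minTickets > maxTickets the second condition can
    /// never hold, because buy() bounds `sold` by maxTickets.
    function canDraw(uint256 id) public view returns (bool) {
        Raffle storage r = raffles[id];
        if (r.status != Status.OPEN) return false;
        bool salesEnded = block.timestamp >= r.endsAt || r.sold == r.maxTickets;
        return salesEnded && r.sold >= r.minTickets;
    }

    function draw(uint256 id) external {
        if (!canDraw(id)) revert CannotDraw();
        raffles[id].status = Status.DRAWN;
    }
}
```

With `createRaffleUnchecked(1, 200, 100, deadline)`, buyers can fill all 100 tickets, yet `canDraw(1)` stays false forever once sales end, which is the stuck state the Impact section describes. The model deliberately leaves the cancel path out, since this issue does not state the condition under which cancellation is allowed; the one-line `ticketBoundsConsistent` check in `createRaffle` is the whole mitigation.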

sherlock-admin2 commented 1 month ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/Winnables/public-contracts/pull/1