sherlock-audit / 2024-08-winnables-raffles-judging


Crazy Porcelain Mole - In `WinnablesTicketManager::createRaffle()`, `minTickets` can be greater than `maxTickets`. #643

Closed sherlock-admin4 closed 3 months ago

sherlock-admin4 commented 3 months ago

Crazy Porcelain Mole

Low/Info

In WinnablesTicketManager::createRaffle(), minTickets can be greater than maxTickets.

Summary

Lack of checking whether minTickets is less than maxTickets.

Vulnerability Detail

In the WinnablesTicketManager::createRaffle() function, the minTickets and maxTickets parameters are not compared. Even though the function is only called by the admin, it would be necessary to check this.

Impact

If accidentally (or not) minTickets is greater than maxTickets, the draw referring to the created raffleId cannot be carried out due to a check in the _checkShouldDraw() function.

```solidity
function _checkShouldDraw(uint256 raffleId) internal view {
    Raffle storage raffle = _raffles[raffleId];
    if (raffle.status != RaffleStatus.IDLE) revert InvalidRaffle();
    uint256 currentTicketSold = IWinnablesTicket(TICKETS_CONTRACT).supplyOf(raffleId);
    if (currentTicketSold == 0) revert NoParticipants();

    if (block.timestamp < raffle.endsAt) {
        if (currentTicketSold < raffle.maxTicketSupply) revert RaffleIsStillOpen();
    }
@>  if (currentTicketSold < raffle.minTicketsThreshold) revert TargetTicketsNotReached();
}
```

If currentTicketSold is 50 (maxTicketSupply), and minTicketsThreshold is 51, it will fail. So it is important to ensure that minTickets is not greater than maxTickets when creating the raffle.

Code Snippet

https://github.com/sherlock-audit/2024-08-winnables-raffles/blob/main/public-contracts/contracts/WinnablesTicketManager.sol#L252-L274

Tool used

Manual Review

Recommendation

Check to ensure this doesn't happen.
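The undrawable state described in the report, as an added example that is not part of the original issue or of the Winnables code: a Python port of the quoted `_checkShouldDraw()` that enumerates which ticket counts can pass the check, next to a hypothetical creation-time guard. It assumes ticket sales are capped at `maxTicketSupply`; `drawable_counts`, `create_raffle`, `validate_bounds` and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

class DrawBlocked(Exception):
    """Stands in for the Solidity custom-error reverts."""

@dataclass(frozen=True)
class Raffle:
    ends_at: int
    min_tickets_threshold: int
    max_ticket_supply: int
    idle: bool = True

def check_should_draw(raffle, sold, now):
    """Port of _checkShouldDraw() as quoted in the report."""
    if not raffle.idle:
        raise DrawBlocked("InvalidRaffle")
    if sold == 0:
        raise DrawBlocked("NoParticipants")
    if now < raffle.ends_at and sold < raffle.max_ticket_supply:
        raise DrawBlocked("RaffleIsStillOpen")
    if sold < raffle.min_tickets_threshold:
        raise DrawBlocked("TargetTicketsNotReached")

def drawable_counts(raffle, now):
    """Ticket counts in 0..maxTicketSupply for which the draw check passes.

    Assumption: sales can never exceed maxTicketSupply.
    """
    passing = []
    for sold in range(raffle.max_ticket_supply + 1):
        try:
            check_should_draw(raffle, sold, now)
            passing.append(sold)
        except DrawBlocked:
            pass
    return passing

def validate_bounds(min_tickets, max_tickets):
    """Hypothetical guard: reject a threshold the supply cap can never reach."""
    if min_tickets > max_tickets:
        raise ValueError("minTickets exceeds maxTickets")

def create_raffle(ends_at, min_tickets, max_tickets, guarded):
    """Model of raffle creation, with or without the bounds check."""
    if guarded:
        validate_bounds(min_tickets, max_tickets)
    return Raffle(ends_at, min_tickets, max_tickets)
```

With the report's values (threshold 51, cap 50) the unguarded raffle has no passing ticket count either before or after `endsAt`, while the guarded path rejects the parameters at creation.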

sherlock-admin2 commented 2 months ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/Winnables/public-contracts/pull/1