Forgeries contest - BAHOZ's results

A protocol for on-chain games with NFT prizes on Ethereum.

General Information

Platform: Code4rena

Start Date: 13/12/2022

Pot Size: $36,500 USDC

Total HM: 5

Participants: 77

Period: 3 days

Judge: gzeon

Total Solo HM: 1

Id: 191

League: ETH

Forgeries

Findings Distribution

Researcher Performance

Rank: 16/77

Findings: 1

Award: $320.13

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: 9svR6w

Also found by: 0xdeadbeef0x, BAHOZ, codeislight, deliriusz, gasperpre, trustindistrust

Labels

bug
2 (Med Risk)
satisfactory
duplicate-101

Awards

320.1346 USDC - $320.13

External Links

Lines of code

https://github.com/code-423n4/2022-12-forgeries/blob/fc271cf20c05ce857d967728edfb368c58881d85/src/VRFNFTRandomDraw.sol#L163

Vulnerability details

Impact

The drawer can choose whichever gas lane (keyHash) they like. Giving this choice to the drawer may result in no winners if the network is congested and the drawer chooses a cheap gas lane.

Check the options of keyHashes that can be used in the network where the contracts will be deployed and decide on a reasonable keyHash. Preset that keyHash in the factory contract instead of letting drawers choose the keyHash.

#0 - c4-judge

2022-12-17T15:32:44Z

gzeon-c4 marked the issue as duplicate of #194

#1 - c4-judge

2023-01-23T16:51:10Z

gzeon-c4 marked the issue as satisfactory
