Wenwin contest - d3e4's results

Lines of code

https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/LotterySetup.sol#L65-L70 https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/LotterySetup.sol#L156-L158

Vulnerability details

Impact

Frontiness rather than luck may determine the winner.

Proof of Concept

drawCoolDownPeriod may be set to 0. Then a ticket may be bought in the same block as the draw. This allows for frontrunning the randomly selected winning ticket with a ticket purchase with this, now known, winning combination.

Tools Used

Code inspection

Recommended Mitigation Steps

Require that drawCoolDownPeriod > 0 so that the ticket must be bought in a block before the draw.

Lines of code

https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/LotterySetup.sol#L164-L176

Vulnerability details

Impact

Fixed rewards may change when packed.

Proof of Concept

In LotterySetup.packFixedRewards`

function packFixedRewards(uint256[] memory rewards) private view returns (uint256 packed) {
    if (rewards.length != (selectionSize) || rewards[0] != 0) {
        revert InvalidFixedRewardSetup();
    }
    uint256 divisor = 10 ** (IERC20Metadata(address(rewardToken)).decimals() - 1);
    for (uint8 winTier = 1; winTier < selectionSize; ++winTier) {
        uint16 reward = uint16(rewards[winTier] / divisor);
        if ((rewards[winTier] % divisor) != 0) {
            revert InvalidFixedRewardSetup();
        }
        packed |= uint256(reward) << (winTier * 16);
    }
}

there is no check that the fixed rewards are less than $6553.6$. The values are packed using 16 bits which means that any reward greater than 2**16 - 1 will be capped at L170. One decimal is used which means that 2**16 - 1 corresponds to $6553.5$.

Tools Used

Code inspection

Recommended Mitigation Steps

If $6553.5$ is considered sufficient as a maximal value, check that this is not exceeded.