Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $100,000 USDC
Total HM: 4
Participants: 109
Period: 7 days
Judge: GalloDaSballo
Id: 163
League: ETH
Rank: 37/109
Findings: 1
Award: $470.36
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: zzykxx
Also found by: 8olidity, IllIllI, Lambda, berndartmueller, bytehat, devtooligan, hansfriese, imare, obront, philogy, shung, tonisives, zdhu, zkhorse
The protocol is relying on a random seed passed to us from a random provider to provide the revealing functionality of newly minted gobblers.
If such a provider doesn't work anymore... maliciously or not... the protocol cannot reveal new gobblers, and upgrading such a provider doesn't work anymore either.
Effectively it breaks the protocol.
A working random provider, after we request a seed (calling requestRandomSeed), will call us back with our new seed in the function acceptRandomSeed. This function can only be called by our designated random provider.
If we don't get called in this function, then the waitingForSeed variable always stays true.
If this happens, we can no longer reveal any new gobblers because we always get reverted with the SeedPending exception.
If we try to upgrade the random provider, we get the same exception as above because of this if check:
if (gobblerRevealsData.waitingForSeed) revert SeedPending();
In the upgrade function upgradeRandProvider, add a bool parameter to bypass the if that checks for the waiting seed.
Or just remove the problematic if altogether and just proceed with changing the address of the random provider directly.
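The stuck state and the first suggested mitigation, as an added Solidity sketch that is not the project's contract or part of the original submission. The contract name, the owner check, the flat storage layout, the `force` parameter and the `AsReported` suffix are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added model of the seed state machine; not the project's contract.
// Assumed: owner check, storage layout, the `force` parameter, function suffix names.
contract RevealModel {
    error SeedPending();
    error NotRandProvider();
    error NotOwner();

    address public immutable owner;
    address public randProvider;
    bool public waitingForSeed;
    uint256 public randomSeed;

    constructor(address provider) {
        owner = msg.sender;
        randProvider = provider;
    }

    // Marks a request as outstanding (the call to the provider is omitted here).
    function requestRandomSeed() external {
        waitingForSeed = true;
    }

    // Only the designated provider can deliver the seed and clear the flag.
    function acceptRandomSeed(uint256 seed) external {
        if (msg.sender != randProvider) revert NotRandProvider();
        randomSeed = seed;
        waitingForSeed = false;
    }

    // As reported: if the provider never calls back, waitingForSeed stays true,
    // this reverts on every call, and the dead provider can never be replaced.
    function upgradeRandProviderAsReported(address newProvider) external {
        if (msg.sender != owner) revert NotOwner();
        if (waitingForSeed) revert SeedPending();
        randProvider = newProvider;
    }

    // Suggested mitigation: an explicit flag lets the owner bypass the pending check.
    function upgradeRandProvider(address newProvider, bool force) external {
        if (msg.sender != owner) revert NotOwner();
        if (waitingForSeed && !force) revert SeedPending();
        randProvider = newProvider;
    }
}
```

In this model, a forced upgrade leaves waitingForSeed set until the replacement provider delivers a seed through acceptRandomSeed.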
#1 - GalloDaSballo
2022-09-29T21:29:46Z