Wenwin contest - minhtrng's results

The next generation of chance-based gaming.

General Information

Platform: Code4rena

Start Date: 06/03/2023

Pot Size: $36,500 USDC

Total HM: 8

Participants: 93

Period: 3 days

Judge: cccz

Total Solo HM: 3

Id: 218

League: ETH

Wenwin

Findings Distribution

Researcher Performance

Rank: 13/93

Findings: 1

Award: $619.34

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Cyfrin

Also found by: Yukti_Chinta, adriro, anodaram, auditor0517, bin2chen, gogo, minhtrng

Labels

bug
3 (High Risk)
satisfactory
duplicate-324

Awards

619.3361 USDC - $619.34

External Links

Lines of code

https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/LotteryMath.sol#L52-L53

Vulnerability details

Impact

When calculating new profit, the calculation for non-jackpot rewards is not normalized and will be largely overestimated, due to the additional percentage scaling. This will lead to the excess pot for participants being much lower and hence failing to incentivize participation in the long run.

Proof of Concept

The Lottery calculates the new expected profit via LotteryMath.calculateNewProfit:

uint256 expectedRewardsOut = jackpotWon
    ? calculateReward(oldProfit, fixedJackpotSize, fixedJackpotSize, ticketsSold, true, expectedPayout)
    : calculateMultiplier(calculateExcessPot(oldProfit, fixedJackpotSize), ticketsSold, expectedPayout)
        * ticketsSold * expectedPayout;

The issue is that in the no-jackpot case the value for expectedRewardsOut will be scaled by an additional PERCENTAGE_BASE precision (that's what calculateMultiplier returns). The value is meant to express an amount of rewardTokens, though. Hence the value is too large by a factor of 1e5 and will cause the problem mentioned under #Impact.
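The following is an added example, not code from the Wenwin repository or from the finding's author. It models the no-jackpot branch above in Python to make the scaling mismatch concrete: the same inputs are run through the unnormalized expression quoted from calculateNewProfit and through a getPercentage-normalized version, and the two differ by exactly PERCENTAGE_BASE. The values PERCENTAGE_BASE = 100_000 and getPercentage(x, p) = x * p / PERCENTAGE_BASE follow the 1e5 factor stated in the finding; calculateExcessPot and calculateMultiplier are constructed stand-ins (the real formulas are not reproduced on this page), and the profit update at the end is a simplified model used only to show the effect on the pot.

```python
# Added example (not Wenwin project code). Models the PERCENTAGE_BASE scaling
# mismatch in the no-jackpot branch of LotteryMath.calculateNewProfit.

PERCENTAGE_BASE = 100_000  # assumption: 1e5, the factor named in the finding


def get_percentage(number: int, percentage: int) -> int:
    """Scale `number` by a percentage expressed in PERCENTAGE_BASE units
    (assumed shape of the project's getPercentage helper)."""
    return number * percentage // PERCENTAGE_BASE


def calculate_excess_pot(old_profit: int, fixed_jackpot_size: int) -> int:
    """Constructed stand-in: profit above the fixed jackpot, floored at zero."""
    return max(old_profit - fixed_jackpot_size, 0)


def calculate_multiplier(excess_pot: int, tickets_sold: int, expected_payout: int) -> int:
    """Constructed stand-in that, like the real function per the finding, returns a
    multiplier scaled by PERCENTAGE_BASE: 1x plus a bonus proportional to how the
    excess pot compares with the expected payout for this draw."""
    expected_total = tickets_sold * expected_payout
    if expected_total == 0:
        return PERCENTAGE_BASE
    return PERCENTAGE_BASE + PERCENTAGE_BASE * excess_pot // expected_total


def expected_rewards_out_unnormalized(old_profit: int, fixed_jackpot_size: int,
                                      tickets_sold: int, expected_payout: int) -> int:
    """Mirrors the quoted no-jackpot expression: the PERCENTAGE_BASE-scaled
    multiplier is multiplied straight into ticketsSold * expectedPayout."""
    multiplier = calculate_multiplier(
        calculate_excess_pot(old_profit, fixed_jackpot_size), tickets_sold, expected_payout)
    return multiplier * tickets_sold * expected_payout


def expected_rewards_out_normalized(old_profit: int, fixed_jackpot_size: int,
                                    tickets_sold: int, expected_payout: int) -> int:
    """Same computation with the multiplier applied via getPercentage, so the
    result is back in reward-token units."""
    multiplier = calculate_multiplier(
        calculate_excess_pot(old_profit, fixed_jackpot_size), tickets_sold, expected_payout)
    return get_percentage(tickets_sold * expected_payout, multiplier)


def new_profit(old_profit: int, ticket_sales_to_pot: int, expected_rewards_out: int) -> int:
    """Simplified profit update (constructed): pot grows by sales and shrinks by
    the rewards expected to be paid out."""
    return old_profit + ticket_sales_to_pot - expected_rewards_out


# Constructed sample draw, 18-decimal token units:
# 150 tokens in the pot, 100-token fixed jackpot, 1000 tickets, 0.01 token expected payout each.
OLD_PROFIT = 150 * 10**18
FIXED_JACKPOT = 100 * 10**18
TICKETS_SOLD = 1000
EXPECTED_PAYOUT = 10**16
SALES_TO_POT = 20 * 10**18


def overestimation_factor() -> int:
    """How many times too large the unnormalized value is for the sample draw."""
    bad = expected_rewards_out_unnormalized(OLD_PROFIT, FIXED_JACKPOT, TICKETS_SOLD, EXPECTED_PAYOUT)
    good = expected_rewards_out_normalized(OLD_PROFIT, FIXED_JACKPOT, TICKETS_SOLD, EXPECTED_PAYOUT)
    return bad // good


if __name__ == "__main__":
    bad = expected_rewards_out_unnormalized(OLD_PROFIT, FIXED_JACKPOT, TICKETS_SOLD, EXPECTED_PAYOUT)
    good = expected_rewards_out_normalized(OLD_PROFIT, FIXED_JACKPOT, TICKETS_SOLD, EXPECTED_PAYOUT)
    print("unnormalized expectedRewardsOut:", bad)
    print("normalized   expectedRewardsOut:", good)
    print("overestimation factor:", overestimation_factor())
    print("new profit (unnormalized):", new_profit(OLD_PROFIT, SALES_TO_POT, bad))
    print("new profit (normalized):  ", new_profit(OLD_PROFIT, SALES_TO_POT, good))
```

With the sample draw the multiplier comes out as 6x (600000 in PERCENTAGE_BASE units), so the normalized payout estimate is 60 tokens while the unnormalized one is 6,000,000 tokens; fed into the profit update, the unnormalized figure drives the pot deeply negative, which is the shrinking excess pot described under Impact.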

Tools Used

Manual Review

Recommended Mitigation Steps

Perform normalization via getPercentage, so that expectedRewardsOut is expressed in reward tokens rather than in PERCENTAGE_BASE units.

#0 - c4-judge

2023-03-10T08:44:31Z

thereksfour marked the issue as duplicate of #219

#1 - c4-judge

2023-03-19T10:23:38Z

thereksfour marked the issue as satisfactory
