-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
neko_nyaa - Raffles with exactly minTicketsThreshold
tickets sold can still be cancelled
#507
Comments
minTicketsThreshold
tickets sold can still be cancelledminTicketsThreshold
tickets sold can still be cancelled
Escalate. There are multiple escalated issues that can be duped with this. This is to bring attention to also validate this in case the other duped issues are accepted. |
You've created a valid escalation! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final. |
A similar issue with involved discussion is going on #26 |
A fixed is desired to perfect the conditional check but it's deemed low given the trivial change needed. |
A similar issue with involved discussion is #395 |
Result: |
Escalations have been resolved successfully! Escalation status:
|
The protocol team fixed this issue in the following PRs/commits: |
neko_nyaa
Medium
Raffles with exactly
minTicketsThreshold
tickets sold can still be cancelledSummary
Wrong conditional check/comparison in
minTicketsThreshold
will cause raffles with exactlyminTicketsThreshold
tickets to still be cancellable.Root Cause
In
checkShouldCancel()
:https://github.com/sherlock-audit/2024-08-winnables-raffles/blob/main/public-contracts/contracts/WinnablesTicketManager.sol#L440
Note that when the number of tickets sold is equal to
minTicketsThreshold
of the raffle, then the raffle is still cancellable. This is inconsistent with the code documentation about the use ofminTicketsThreshold
.https://github.com/sherlock-audit/2024-08-winnables-raffles/blob/main/public-contracts/contracts/WinnablesTicketManager.sol#L75-L76
Furthermore, this is also inconsistent with
_checkShouldDraw()
for checking if a raffle should be drawable.One must also note that
cancelRaffle()
was designed to be callable by anyone (so as to prevent prize locking).https://github.com/sherlock-audit/2024-08-winnables-raffles/blob/main/public-contracts/contracts/WinnablesTicketManager.sol#L278
Therefore, when a raffle ends up with exactly
minTicketsThreshold
, anyone can still cancel the raffle and deny the potential winner their winnings, even if the raffle was supposed to be drawable.Internal pre-conditions
minTicketsThreshold
soldExternal pre-conditions
No response
Attack Path
No response
Impact
If a raffle ends up with exactly
minTicketsThreshold
, anyone can still cancel the raffle and deny the potential winner their winnings, even if the raffle was supposed to be drawable.PoC
No response
Mitigation
The correct comparison should be
if (supply >= raffle.minTicketsThreshold) revert TargetTicketsReached();
Duplicate of #26
The text was updated successfully, but these errors were encountered: