Contest: https://code4rena.com/contests/2023-03-wenwin-contest
- H-01 Winner is unable to claim winnings at the very end of the claimable period
- H-02 Loss of funds when buying tickets with no frontend
- M-01 Ticket buyer can set arbitrary frontend address and potentially buy tickets at a discounted rate
- M-02 Calculation in
calculateNewProfitfunction is broken when jackpot is not won - M-03 Overflow risk in
calculateExcessPotfunction - M-04 Protocol fails to support arbitrary token for rewards
- M-05 Fixed rewards in DAI (or similar token) can potentially overflow when being packed
- M-06 Malicious user can frontrun the selling or transferring of a ticket to claim the rewards
- M-07 Owner can silently withdraw funds just before deadline in
StakedTokenLock - M-08 Ticket minting should use
safeMint - M-09
swapSourceinRNSourceControllercontract can be frontrunned and eventually lead to a DoS