Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auctions allocate fees instead of withdraw reserve #69

Merged
merged 5 commits into from
Sep 25, 2023
Merged

Auctions allocate fees instead of withdraw reserve #69

merged 5 commits into from
Sep 25, 2023

Conversation

trmid
Copy link
Member

@trmid trmid commented Sep 21, 2023

No description provided.

@github-actions
Copy link

LCOV of commit 149a355 during Tests with 100% Coverage #303

Summary coverage rate:
  lines......: 100.0% (421 of 421 lines)
  functions..: 100.0% (80 of 80 functions)
  branches...: no data found

Files changed coverage rate:
                                             |Lines       |Functions  |Branches    
  Filename                                   |Rate     Num|Rate    Num|Rate     Num
  =================================================================================
  src/PrizePool.sol                          | 100%    150| 100%    41|    -      0

PierrickGT
PierrickGT suggested changes Sep 21, 2023
View reviewed changes
test/PrizePool.t.sol Outdated
/// @param to The address the rewards are sent to
/// @param amount The amount withdrawn
/// @param available The total amount that was available to withdraw before the transfer
event WithdrawClaimRewards(address indexed to, uint256 amount, uint256 available);
event WithdrawRewards(address indexed to, uint256 amount, uint256 available);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can also log msg.sender here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resolved with: 17ad8cc

test/PrizePool.t.sol Outdated Show resolved Hide resolved
@linear
Copy link

linear bot commented Sep 21, 2023

GEN-440 Auctions allocate fees instead of withdrawReserve (C4 92: RngRelayAuction.rngComplete() DOS attack)

This "attack" also heavily optimizes the gas usage of the relay auction.

Essentially we need to:

  • Update the Prize Pool so that instead / in addition to "withdrawReserve" we "allocateFee", so that bots that win auctions can withdraw on-demand.
  • Update the RngRelayAuction so that it allocates fees instead of transferring them using withdrawReserve

code-423n4/2023-08-pooltogether-findings#92

@trmid trmid force-pushed the gen-440-auctions-allocate-fees-instead-of-withdrawreserve-c4-92 branch from 149a355 to 17ad8cc Compare September 21, 2023 22:18
@github-actions
Copy link

LCOV of commit 17ad8cc during Tests with 100% Coverage #308

Summary coverage rate:
  lines......: 100.0% (421 of 421 lines)
  functions..: 100.0% (80 of 80 functions)
  branches...: no data found

Files changed coverage rate:
                                             |Lines       |Functions  |Branches    
  Filename                                   |Rate     Num|Rate    Num|Rate     Num
  =================================================================================
  src/PrizePool.sol                          | 100%    150| 100%    41|    -      0

trmid and others added 2 commits September 25, 2023 18:43
@trmid
revert claims made while open draw is closing
6c9b2be
@trmid
Merge pull request #70 from GenerationSoftware/gen-700-prevent-reserv…
2785fcc 
…e-from-changing-after-draw-auctions-start

revert claims made while open draw is closing
@github-actions
Copy link

LCOV of commit 2785fcc during Tests with 100% Coverage #312

Summary coverage rate:
  lines......: 100.0% (423 of 423 lines)
  functions..: 100.0% (80 of 80 functions)
  branches...: no data found

Files changed coverage rate:
                                             |Lines       |Functions  |Branches    
  Filename                                   |Rate     Num|Rate    Num|Rate     Num
  =================================================================================
  src/PrizePool.sol                          | 100%    152| 100%    41|    -      0

@trmid trmid merged commit 4720e80 into main Sep 25, 2023
@trmid trmid deleted the gen-440-auctions-allocate-fees-instead-of-withdrawreserve-c4-92 branch September 25, 2023 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PierrickGT PierrickGT PierrickGT approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trmid @PierrickGT