Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Valid

Initial ether sent to the contract does not cover the payout for a silver coin and above.

Summary:

The minimum required SEEDVALUE to launch a new MysteryBox contract is 0.1 ether, which is only enough to cover a player winning a bronze coin or below. This can leave the contract unable to pay a winner the amount they are owed, especially among the first few players.

Vulnerability Details:

If the contract is launched with the minimum value of uint256 constant SEEDVALUE = 0.1 ether, the first player has a 5% chance of winning a silver coin or above, which the contract would not be able to pay.

Impact:

A player would not receive their correct payment in ether, which creates a bad user experience and leaves winners relying on trust in the contract's creators to pay them what they're owed.

Tools Used:

Manual Review.

Recommendations:

Require a significant SEEDVALUE to avoid problems with early winners. Some statistical analysis could be done to ensure that the contract is statistically unlikely to run out of funds in the long term.
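One way to carry out the statistical analysis suggested above, as an added example that is not part of the original submission or the contract's code: an exact calculation of the chance that an early winner is owed more than the contract holds, and the smallest seed that keeps that chance under a target. The box price, the silver and gold payouts and the split of the 5% between them are assumptions, as is the model of one box per player with an immediate claim.

```python
from fractions import Fraction

ETHER = 10**18
SEED_VALUE = ETHER // 10   # 0.1 ether, the minimum seed quoted in the report
BOX_PRICE = ETHER // 10    # assumption: amount each player pays per box
# Assumed prize table (probability, payout in wei). Only the combined 5% chance of
# "silver or above" and a bronze payout that 0.1 ether covers come from the report.
PRIZES = [
    (Fraction(75, 100), 0),             # no payout
    (Fraction(20, 100), ETHER // 10),   # bronze
    (Fraction(4, 100), ETHER // 2),     # silver (assumed value)
    (Fraction(1, 100), ETHER),          # gold (assumed value)
]


def shortfall_probability(seed, players, price=BOX_PRICE, prizes=PRIZES):
    """Exact probability that at least one of the first `players` winners
    is owed more than the contract holds at the moment of their claim."""
    states = {seed: Fraction(1)}   # balance -> probability, no shortfall so far
    failed = Fraction(0)
    for _ in range(players):
        nxt = {}
        for balance, prob in states.items():
            balance += price                  # player pays for the box
            for chance, payout in prizes:
                if payout > balance:          # contract cannot cover this prize
                    failed += prob * chance
                else:
                    left = balance - payout
                    nxt[left] = nxt.get(left, Fraction(0)) + prob * chance
        states = nxt
    return failed


def minimum_seed(players, max_risk, step=ETHER // 10, limit=1000 * ETHER):
    """Smallest seed (a multiple of `step`) keeping the shortfall risk <= max_risk."""
    for seed in range(0, limit + 1, step):
        if shortfall_probability(seed, players) <= max_risk:
            return seed
    raise ValueError("no seed within limit meets the risk target")


if __name__ == "__main__":
    for n in (1, 10, 50):
        print(n, "players:", float(shortfall_probability(SEED_VALUE, n)))
    print(minimum_seed(50, Fraction(1, 1000)) / ETHER, "ether keeps risk <= 0.1%")
```

Under these assumptions the single-player result reproduces the 5% figure in the report, and the same function can be rerun with the contract's real prize table and box price.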

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Protocol should have a higher initial balance to prevent prize withdrawing problems
