Strict equality in randomized price checks may cause missed discounts or overcharges in `trickOrTreat` function
Summary
The trickOrTreat function uses strict equality checks (==) to determine pricing tiers based on random numbers. This implementation is problematic as it creates an overly precise comparison that could fail to evaluate as true due to minor deviations (such as rounding or unexpected extra contributions), potentially causing users to miss out on intended price discounts or multipliers.
Vulnerability Details
Issues here:
Strict equality (
==) is used to check for exact values1and2No range checks or fallback conditions
Single point of failure in price determination
Assumption that random number will always fall exactly on these values
Impact
The strict equality check in the trickOrTreat function introduces potential issues in pricing determination for users. Since the function relies on the random variable precisely matching 1 or 2 for discounted or increased pricing, any deviation results in the normal pricing tier by default. This precision may lead to missed discounts.
Tools Used
Manual Review
Slither
Foundry
Recommendations
The solution might be this as follow:
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.