PancakeSwap Lottery V2: Week One Recap & More
Wow. It’s been a heck of a week since the relaunch of the PancakeSwap Lottery. Let’s start with the crazy stats:
- Total in prizes won: 467,072 CAKE (approx $7M)
- Top prize won: 77,687 CAKE (approx $1.165M) in round 16 (Matched all 6 numbers in the right order)
- Total CAKE injected: 350,000 (approx $5.25M)
In case you missed it, we injected more than $5 Million in CAKE prizes over the course of the week to get the ball rolling on the new lottery: find out why here.
From Round #20, which started at 6 AM UTC today (July 12th), the lottery will continue its regular injection schedule of 10,000 CAKE every 2 days.
Here’s how that’ll look:
Want to learn more about the lottery injections, and where the CAKE comes from? Read more about CAKE Tokenomics here.
Audits and Security
We’re also proud to announce the publishing of not one, but two security audits completed on the PancakeSwap V2 Lottery smart contract. Read them below:
Beyond general security, these audits also demonstrate the absence of a number of issues which existed with the V1 Lottery contract. We’ll also take this opportunity to shed some light on issues with the previous lottery, and go into the solutions we’ve taken to resolve them.
V1 Vulnerability Bug Bounty
In case you missed it, our bug bounty partner ImmuneFi recently published a release detailing a bug bounty we paid out for a critical vulnerability caused by a logic error in the V1 contract. Although this vulnerability was fortunately not exploited and was reported after the previous lottery was suspended, we nevertheless awarded the full bounty of $70,000 to the whitehat who reported it.
If you find an issue with our smart contract or website that may lead to the loss of user funds, submit it to the PancakeSwap bug bounty program for the chance to earn a bounty.
Lottery V1 Exploit Details
In v1 of the Lottery, there was another vulnerability that was exploited by a privileged admin role of the Lottery contract, which resulted in the malicious actor being able to buy tickets that would win the lottery.
The issue was that the enterDrawingPhase function could be called in the same block as the drawing function.
function enterDrawingPhase() external onlyAdmin {
require(!drawed(), ‘drawed’);
drawingPhase = true;
}
function drawing(uint256 _externalRandomNumber) external onlyAdmin {
require(!drawed(), “reset?”);
require(drawingPhase, “enter drawing phase first”);
[…]
These functions were only allowed to be called by the admin role. On top of this issue, the buy and multiBuy functions only had the restriction that it was not the drawingPhase or that the numbers had not been drawn.
function buy(uint256 _price, uint8[4] memory _numbers) external {
require(!drawed(), ‘drawed, can not buy now’);
require(!drawingPhase, ‘drawing, can not buy now’);
[…]
function multiBuy(uint256 _price, uint8[4][] memory _numbers) external {
require (!drawed(), ‘drawed, can not buy now’);
require(!drawingPhase, ‘drawing, can not buy now’);
[…]
By chaining these 2 issues, the malicious admin was able to do the following in the same block in the following order:
Tx 1: buy
Tx 2: enterDrawingPhase
Tx 3: drawing
By frontrunning tx 2 and 3, the admin was able to use a smart contract to calculate the winning numbers based on the _externalRandomNumber input and previous block hash, in the drawing function, and buy those in the same block before the drawing was done.
We have confirmed that this vulnerability was exploited by the admin in question several times beginning on April 12th, 2021, resulting in the misappropriation of a total of 30,927.57 CAKE from the top Lottery prize brackets, which meant that winners in the same prize brackets as the admin on those occasions didn’t receive the full amount of CAKE prizes that they should have received.
PancakeSwap has already compensated the affected users as follows:
Once we discovered the actions of the lottery admin, the team immediately froze the lottery and began investigating. In short, while at this stage we cannot concretely confirm the entire situation, the person responsible for that account was removed from the team and surrendered access to any remaining accounts and devices.
In terms of technical resolutions to the issue, the audits of the new V2 contract (linked above) confirm that the vulnerabilities that the admin was able to exploit are not present in the new Lottery: the admin wallet is multi-sig, and its ability to change random number generation, etc., will be offset by a timelock.
While the PancakeSwap team began our investigation immediately after identifying the exploit, it was also flagged by several members of the community, the first of whom was paid a $10k equivalent bounty in CAKE.
We would like to take this opportunity to thank those community members for their diligence, and to thank you for your great patience as we have investigated the situation.
We look forward to the ongoing success of the V2 Lottery, and can’t wait to see some big wins!
