Full Report
PancakeSwap is a platform for swapping tokens that also offers many other functions. In this blog post, the author looks at the lottery functionality. The vulnerable code persisted in several other projects, since they had forked PancakeSwap.

When claiming, an array of tickets can be submitted. The code flow verifies that each ticket has not been claimed yet and adds its reward to a running total. Once verification is done, the total reward is sent to the user. This becomes a problem when the tickets are NOT all unique: the verification step does NOT mark the ticket as used, so the same ticket can be provided multiple times, and none of the checks detected that this had happened.

To pull this off, you would need to win a lottery ticket, which isn't very hard. Once you win the lottery, call multiClaim() with the same winning ticket up to 255 times. I think there is a hard limit on the number of elements for dynamic arrays in Solidity. Overall, a really simple bug that could have lost all user funds. The fix was to mark the specified lottery ticket as claimed during the verification step.
Analysis Summary
# Vulnerability: PancakeSwap Lottery multiClaim Logic Error
## CVE Details
- **CVE ID:** Not Assigned (DeFi/Smart Contract logic error)
- **CVSS Score:** 8.8 (High) - *Estimated based on Critical impact and Low complexity*
- **CWE:** CWE-670: Always-Incorrect Control Flow Implementation (specifically, Lack of Reentrancy/Duplicate Protection)
## Affected Systems
- **Products:** PancakeSwap Lottery Contract and its forks.
- **Versions:** Original PancakeSwap Lottery V1.
- **Configurations:** Known vulnerable forks include:
  - ApeSwap
  - PantherSwap
  - Knights DeFi
## Vulnerability Description
The vulnerability is a logic error within the `multiClaim()` function of the `Lottery.sol` smart contract. When a user claims rewards for multiple winning tickets, the function iterates through an array of ticket IDs provided by the user.
The flaw exists because the contract calculates the `totalReward` by checking if a ticket is winning and valid *before* marking that ticket as claimed in the state. Because the `LotteryNFT.sol` contract's `multiClaimReward` function did not verify unique IDs within the loop, an attacker could pass the same winning ticket ID multiple times (up to 255+ times depending on gas limits) in a single transaction. The contract would redundantly add the reward for the same ticket ID to the `totalReward` balance and then send the inflated sum to the attacker.
## Exploitation
- **Status:** PoC available; identified by whitehat "Juno." No evidence of exploitation in the wild.
- **Complexity:** Low
- **Attack Vector:** Network (Smart Contract Interaction)
## Impact
- **Confidentiality:** None
- **Integrity:** High (Unauthorized extraction of funds)
- **Availability:** Low (Potential depletion of contract liquidity)
## Remediation
### Patches
- **PancakeSwap:** Resolved by pausing the lottery and withdrawing remaining funds ($700,000) to safety.
- **PantherSwap/Forks:** Implemented a fix by rewriting the `multiClaim()` function to perform an immediate state update. The ticket must be marked as "claimed" at the moment it is verified within the loop to prevent duplicate processing.
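The following contract is an added illustration of the flaw described in the Vulnerability Description and of the fix described above; it is not PancakeSwap's `Lottery.sol` or any fork's code. Ticket storage, the `mint` helper and the `balances` payout stand-in are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified illustration of the multiClaim logic error. Not the
// PancakeSwap Lottery.sol code: ticket storage, reward lookup and payout
// are stand-ins chosen for this example.
contract LotteryClaimExample {
    struct Ticket { address owner; uint256 reward; bool claimed; }
    mapping(uint256 => Ticket) public tickets;
    mapping(address => uint256) public balances; // payout stand-in

    // Helper for this example only: creates a winning ticket (constructed
    // data, not the result of a real draw).
    function mint(uint256 id, address owner, uint256 reward) external {
        tickets[id] = Ticket(owner, reward, false);
    }

    // VULNERABLE pattern: every id is checked and its reward summed before
    // any ticket is marked claimed, so [7, 7, 7] sums ticket 7's reward
    // three times and the duplicate is never caught.
    function multiClaimVulnerable(uint256[] calldata ids) external {
        uint256 totalReward;
        for (uint256 i = 0; i < ids.length; i++) {
            Ticket storage t = tickets[ids[i]];
            require(t.owner == msg.sender, "not owner");
            require(!t.claimed, "already claimed"); // passes for each duplicate
            totalReward += t.reward;
        }
        for (uint256 i = 0; i < ids.length; i++) {
            tickets[ids[i]].claimed = true; // effect applied too late
        }
        balances[msg.sender] += totalReward;
    }

    // FIXED pattern: the ticket is marked claimed at the moment it is
    // verified, so a second occurrence of the same id fails the check and
    // the whole transaction reverts.
    function multiClaimFixed(uint256[] calldata ids) external {
        uint256 totalReward;
        for (uint256 i = 0; i < ids.length; i++) {
            Ticket storage t = tickets[ids[i]];
            require(t.owner == msg.sender, "not owner");
            require(!t.claimed, "already claimed"); // reverts on duplicate
            t.claimed = true;                        // effect before accumulation
            totalReward += t.reward;
        }
        balances[msg.sender] += totalReward;
    }
}
```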
### Workarounds
- Emergency withdrawal of all contract funds by the owner/admin.
- Disabling the `multiClaim` or `claim` functionality through administrative switches if available in the contract architecture.
## Detection
- **Indicators of compromise:** Unusual transactions calling `multiClaim()` with large arrays containing duplicate `uint256` values.
- **Detection methods and tools:** Static analysis of Solidity code checking for "Check-Effects-Interactions" pattern violations. Log monitoring for `MultiClaim` events where the reward is disproportionately high compared to the number of unique ticket IDs held by the sender.
## References
- Immunefi Blog: [https://medium.com/immunefi/pancakeswap-logic-error-bugfix-review-f2d02adb6983](https://medium.com/immunefi/pancakeswap-logic-error-bugfix-review-f2d02adb6983)
- ApeSwap Mitigation TX: [https://bscscan.com/tx/0xd2aff5884c3ce47c59931735e43c3e5f17aee18ebc6be0f6bf20f3fca08ccf61](https://bscscan.com/tx/0xd2aff5884c3ce47c59931735e43c3e5f17aee18ebc6be0f6bf20f3fca08ccf61)
- PantherSwap Mitigation TX: [https://bscscan.com/tx/0x51b7a60fb98601d6ed96f4cb3bda331936c6631ef65ee0e3e75d85873be98b47](https://bscscan.com/tx/0x51b7a60fb98601d6ed96f4cb3bda331936c6631ef65ee0e3e75d85873be98b47)