# 52948 sc low jackpot reward rejected at exact threshold

**Submitted on Aug 14th 2025 at 13:01:45 UTC by @Am3nh3l for** [**Attackathon | Plume Network**](https://immunefi.com/audit-competition/plume-network-attackathon)

* **Report ID:** #52948
* **Report Type:** Smart Contract
* **Report severity:** Low
* **Target:** <https://github.com/immunefi-team/attackathon-plume-network/blob/main/plume/src/spin/Spin.sol>
* **Impacts:**
  * Contract fails to deliver promised returns, but doesn't lose value

## Description

Brief/Intro\
In Spin.sol, the determineReward function uses `<` instead of `<=` for the jackpot threshold check, rejecting the jackpot when probability equals `jackpotThreshold`, unfairly reducing the jackpot probability.

Vulnerability Details

```solidity
        if (probability < jackpotThreshold) {
            return ("Jackpot", jackpotPrizes[weekNumber]);
        } else if (probability <= rewardProbabilities.plumeTokenThreshold) {
            uint256 plumeAmount = plumeAmounts[probability % 3];
            return ("Plume Token", plumeAmount);
        } else if (probability <= rewardProbabilities.raffleTicketThreshold) {
            return ("Raffle Ticket", baseRaffleMultiplier * streakForReward);
        } else if (probability <= rewardProbabilities.ppThreshold) {
            return ("PP", PP_PerSpin);
        }
```

Impact Details\
When `probability == jackpotThreshold`, the jackpot is skipped and the user receives a Plume Token reward instead, reducing the effective jackpot probability (for example, from 0.001% to 0.0009% for `threshold = 1`). Users are unfairly denied jackpots, potentially losing significant rewards (e.g., 5,000–100,000 PLUME).

## References

determineReward uses `<=` for other thresholds, inconsistent with `<` for jackpot.

Code snippet:

```solidity
if (probability < jackpotThreshold) {
    return ("Jackpot", jackpotPrizes[weekNumber]);
} else if (probability <= rewardProbabilities.plumeTokenThreshold) {
    // Plume Token awarded
```

## Proof of Concept

{% stepper %}
{% step %}

### Scenario

* Suppose `jackpotThreshold = 10`
* RNG result: `probability = 10`
  {% endstep %}

{% step %}

### What happens

* `10 < 10` fails → not jackpot
* Falls through to Plume Token condition (`10 <= 200000` succeeds)
* User wins Plume Token instead of jackpot
  {% endstep %}

{% step %}

### Expected behavior

* The jackpot should cover `[0, 10]` (11 values) when using an inclusive threshold, but with `<` it only covers `[0, 9]` (10 values), reducing the effective jackpot chance.
  {% endstep %}
  {% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/plume-or-attackathon/52948-sc-low-jackpot-reward-rejected-at-exact-threshold.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.