# #42388 \[SC-Insight] Discrepancy between number of Yeetback winners in contract and documentation

**Submitted on Mar 23rd 2025 at 14:12:20 UTC by @Oxrochimaru for** [**Audit Comp | Yeet**](https://immunefi.com/audit-competition/audit-comp-yeet)

* **Report ID:** #42388
* **Report Type:** Smart Contract
* **Report severity:** Insight
* **Target:** <https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/Yeetback.sol>
* **Impacts:**

## Description

## Brief/Intro

As per documentation the number of yeetback winners are 10 but are configurable via config. But as per `Yeetback::draftWinners()` **nrOfWinners** are hardcoded to 10 and can't be changed.

<https://docs.yeetit.xyz/yeet/yeet-game>

```solidity
    function draftWinners(uint256 randomNumber, uint256 round) private {
        uint256 potValue = potForRound[round];
        uint256 nrOfYeets = yeetsInRound[round].length;
        uint256 nrOfWinners = 10;

        uint256 winnings = potValue / nrOfWinners;
        amountToWinners[round] = winnings;

        for (uint256 i; i < nrOfWinners; i++) {
            uint256 randomDataNumber = uint256(keccak256(abi.encodePacked(randomNumber, i)));
            uint256 winningYeetIndex = randomDataNumber % nrOfYeets; // index of the winning yeet
            address winnerAddress = yeetsInRound[round][winningYeetIndex];

            // Update amountToWinners and amountOfWins
            amountOfWins[round][winnerAddress] += 1;

            emit YeetbackWinner(round, winnerAddress, winnings, winningYeetIndex);
        }
    }
```

## Vulnerability Details

The documentation states that number of winners can change but it is hardcoded to 10 in the smart contract.

## Impact Details

Documentation is contradicting the actual behaviour in the code.

## References

`Numbers that are formated in this way 10 means that they are changeable via some configuration.`

## Proof of Concept

## Proof of Concept

* User reading the documentation will believe number of winners are configurable.
* Actually no. of winners are fixed to 10 in the smart contract.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/yeet/42388-sc-insight-discrepancy-between-number-of-yeetback-winners-in-contract-and-documentation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.