First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

totalFees can overflow causing loss of funds for the owner

davide

Summary

The storage variable PuppyRaffle#totalFees can overflow if fees are not withdrawn after a certain period and start accumulating.

Vulnerability Details

Using a uint64 for the storage variable PuppyRaffle#totalFees and not handling overflow manually due to the fact the solidity version you are using is ^0.7.6 can cause an overflow after PuppyRaffle#totalFees reach type(uint64).max, a value of 18.446.744.073.709.551.616 (~18 ether).

Impact

The overflow of PuppyRaffle#totalFees cause a loss of funds for the owner because all the fees collected for every round will go to 0.

Tools Used

Manual review.

Recommendations

You have tree options to handle this:

Use a bigger uint size, for example uint256 to have enough space for the total fees collected
Use the OpenZeppelin library SafeMath and handle the possible overflow in the PuppyRaffle#selectWinner() function
Use a Solidity version >=0.8 that will throw an error for arithmetic overflow or underflow

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

overflow-uint64

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.