Submission Details
Severity: high
Valid

totalFees is not updated after refund(), which will lead to miscalculations

Summary

In PuppyRaffle.sol::refund(), the totalFees state variable is never updated after the refund, which makes any use of this state variable after the refund misleading.

Vulnerability Details

The function PuppyRaffle::withdrawFees()

    function withdrawFees() external {
        require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");
        uint256 feesToWithdraw = totalFees;
        totalFees = 0;
        (bool success,) = feeAddress.call{value: feesToWithdraw}("");
        require(success, "PuppyRaffle: Failed to withdraw fees");
    }

checks that balance == totalFees. If there were refund calls before that, then this will be false, since the refund() function misses updating the totalFees variable.

Impact

This issue will cause the contract to be unable to withdraw, and the rest of the fees will be stuck there.

Tools Used

Manual review

Recommendations

Fix refund() to include the following line after sending entranceFee to the player:

    totalFees = totalFees - entranceFee;

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

refund-doesnt-reduce-players-array-size-causing-protocol-to-freeze

zero address can win the raffle

Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High
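An added example, not part of the submission or of the PuppyRaffle code: a simplified Python model of the strict balance == totalFees check in withdrawFees(), showing how a refund that leaves the players array at its original size (the assigned finding tag) breaks that check. The fee being booked at winner selection, the FEE_PERCENT value, and all class and function names are assumptions of the model.

```python
# Simplified accounting model (added example, not the contract's own code).
# Assumptions not shown on the page: the fee is booked when a winner is drawn,
# as FEE_PERCENT of len(players) * entrance_fee; refund() pays back the
# entrance fee and blanks the slot without shrinking the array.
FEE_PERCENT = 20   # constructed value for the model
ZERO = None        # stands in for address(0)


class RaffleModel:
    def __init__(self, entrance_fee):
        self.entrance_fee = entrance_fee
        self.players = []
        self.balance = 0      # models address(this).balance
        self.total_fees = 0   # models totalFees

    def enter(self, player):
        self.players.append(player)
        self.balance += self.entrance_fee

    def refund(self, index):
        if self.players[index] is ZERO:
            raise ValueError("player already refunded")
        self.balance -= self.entrance_fee
        self.players[index] = ZERO   # slot stays: array length is unchanged

    def select_winner(self):
        collected = len(self.players) * self.entrance_fee  # counts refunded slots
        prize = collected * (100 - FEE_PERCENT) // 100
        fee = collected * FEE_PERCENT // 100
        if prize > self.balance:
            raise RuntimeError("prize transfer fails: balance too low")
        self.total_fees += fee
        self.balance -= prize
        self.players = []

    def can_withdraw_fees(self):
        # The strict equality required by withdrawFees().
        return self.balance == self.total_fees


def run(n_players, refunded_indexes, entrance_fee=100):
    """Play one round; return (balance, total_fees, can_withdraw_fees)."""
    raffle = RaffleModel(entrance_fee)
    for i in range(n_players):
        raffle.enter(f"player{i}")   # constructed player names
    for i in refunded_indexes:
        raffle.refund(i)
    raffle.select_winner()
    return raffle.balance, raffle.total_fees, raffle.can_withdraw_fees()
```

In this model, a round with five entrants and no refunds ends with balance equal to totalFees, while one refund leaves totalFees above the balance, so the equality check can never pass; with four entrants and one refund the prize payout itself fails.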
