First Flight #2: Puppy Raffle
First Flight #2
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Unbounded arrays in user inputs can DOS contracts

aballok

Summary

Unbounded array can Out Of Gas and or DOS contracts

Vulnerability Details

function enterRaffle(address[] memory newPlayers) public payable {
require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
for (uint256 i = 0; i < newPlayers.length; i++) {
players.push(newPlayers[i]);
}
// Check for duplicates
for (uint256 i = 0; i < players.length - 1; i++) {
for (uint256 j = i + 1; j < players.length; j++) {
require(players[i] != players[j], "PuppyRaffle: Duplicate player");
}
}
emit RaffleEnter(newPlayers);
}

enterRaffle takes an unbounded user input array. A user can add many accounts under their control that are plenty until the size of "state variable players" becomes so large.

Impact

Many functions like enterRAffle relying on looping through players array can run out of gas
This implies this attack can DOS the contracts and ensure no one else can enter the raffle anymore. We might feel attacker may be losing ETH as they need to send in ETH for every address. However, the refund function does not rely on loopig through players as it requires indexes. Therefore attacker can simply refund themselves all their money for the addresses they input under their control.

Tools Used

Manual Analysis

Recommendations

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

denial-of-service-in-enter-raffle

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!