Submission Details
Severity: high
Valid

Improper array deletion

Summary

Improper array deletion leads to unexpected behaviour

Vulnerability Details

Using "delete" on arrays in Solidity can lead to erroneous logic and large arrays, and can cause unexpected results and/or gas issues if the array is too large.

// PuppyRaffle.sol line 148
delete players;

The above will not empty the array but reset the array's elements to their default values, in this case address(0), which means that in the next round of the lottery the array will already have zero-address elements entered into the raffle.

Impact

  1. enterRaffle(address[] memory newPlayers) pushes elements into the players array, which already holds default zero addresses, so the array keeps growing. It can become so big that calling delete results in Out Of Gas, so selectWinner() may never be callable, rendering the raffle contract useless.

  2. A default zero address in the array can actually be at one of the indexes selected as winner, leading to funds and the NFT token being sent to the zero address, which can result in reverts or loss of the funds and/or tokens.

  3. It makes the raffle unfair: the bigger the array is with many default zero addresses, the lower the chances of winning the actual entries have, as the array is full of [0x0,0x0,0x0........0x0,0x0] due to delete resetting entries at every round of the raffle.

Tools Used

Manual Analysis

Recommendations

Assign an empty array to the dynamic array, e.g.:

// replace `delete players;` with, e.g.:
players = new address[](0);

Updates

Lead Judging Commences

hexbyte Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

refund-doesnt-reduce-players-array-size-causing-protocol-to-freeze

zero address can win the raffle

Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High
