Overflow
Summary
totalFees is uint64 which may overflow; there is uses of unsafe casting too
Vulnerability Details
Largest value uint64 solidity is 18446744073709551615 which is about 18.44 ether. Its possible for a raffle to be big ticket and have totals up to 2000 ETH such that fee can be > 19 ETH this implies uint64(fee) will overflow and lead to 0.
Additionally the total fees for a raffle with large entries can easily accumulate over 19 ETH leading to overflow totalFees
Impact
This unsafe casting and overflow prone logic may lead to fees not being accumulated into the protocol as they reset to 0 and or totalFees also overflowing and going to 0 resulting in wrong accounting and loss of value and faulty payouts
Tools Used
Manual Analysis
Recommendations
Ensure totalFees and fees are uint256
Other alternative is to use SafeCasting Libraries like OpenZeppeli
Lead Judging Commences
unsafe cast of fee to uint64
overflow-uint64
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.