Submission Details
Severity: medium
Valid

'enterRaffle' function might fail

Summary

'enterRaffle' function might fail

Vulnerability Details

'enterRaffle' function might fail if the list of players is too big

Impact

The smart contract will not allow new players to enter the raffle and the gas costs will increase for every new player because we use two 'for' loops to check for duplicates.

Tools Used

Manual Review

Recommendations

Modify the 'enterRaffle' function like this:
uint256 private round; // We increase it after we choose the winner
// player address => round => already entered in that round
mapping(address => mapping(uint256 => bool)) public isPlayerInRound;
mapping(uint256 => uint256) public totalPlayersInRound;

function enterRaffle(address[] memory newPlayers) public payable {
    require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
    for (uint256 i = 0; i < newPlayers.length;) {
        // One mapping lookup per new player replaces the nested duplicate check
        if (isPlayerInRound[newPlayers[i]][round] || newPlayers[i] == address(0)) revert("PuppyRaffle: Duplicate player");
        isPlayerInRound[newPlayers[i]][round] = true;

        // unchecked blocks require Solidity 0.8.0 or later
        unchecked {
            ++totalPlayersInRound[round];
            ++i;
        }
    }

    emit RaffleEnter(newPlayers);
}
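
The following Python model is an added example, not code from the submission or from PuppyRaffle. It counts storage reads per 'enterRaffle' call for the nested-loop duplicate check and for the mapping lookup recommended above. It assumes the original check compares every pair of stored players after appending (the finding only says two 'for' loops) and counts two reads per comparison; the class names, helper and addresses are constructed.

```python
# Added model, not PuppyRaffle's code: counts storage reads per enterRaffle call.
ZERO = "0x0"  # stand-in for address(0)

class NestedLoopRaffle:
    """Assumed original: append, then compare every pair of stored players."""
    def __init__(self):
        self.players = []

    def enter(self, new_players):
        candidate = self.players + list(new_players)
        reads = 0
        for i in range(len(candidate) - 1):
            for j in range(i + 1, len(candidate)):
                reads += 2  # one read each for players[i] and players[j]
                if candidate[i] == candidate[j]:
                    raise ValueError("Duplicate player")  # revert: state unchanged
        self.players = candidate
        return reads

class MappingRaffle:
    """Recommended form: one isPlayerInRound lookup per new player."""
    def __init__(self):
        self.round = 0
        self.is_player_in_round = set()  # holds (address, round) pairs set to true

    def enter(self, new_players):
        staged, reads = set(), 0
        for p in new_players:
            key = (p, self.round)
            reads += 1  # isPlayerInRound[p][round]
            if p == ZERO or key in self.is_player_in_round or key in staged:
                raise ValueError("Duplicate player")  # revert: nothing committed
            staged.add(key)
        self.is_player_in_round |= staged
        return reads

def reads_per_batch(raffle, batches, batch_size):
    """Enter `batches` groups of fresh constructed addresses; return reads per call."""
    out = []
    for b in range(batches):
        group = [f"0xplayer{b * batch_size + k}" for k in range(batch_size)]
        out.append(raffle.enter(group))
    return out

if __name__ == "__main__":
    print("nested :", reads_per_batch(NestedLoopRaffle(), 3, 100))
    print("mapping:", reads_per_batch(MappingRaffle(), 3, 100))
```

In the model, a batch of 100 entrants costs more reads on every call with the nested check because all earlier players are compared again, while the mapping version costs the same 100 reads however many players have already entered.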
Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

denial-of-service-in-enter-raffle
