Loss of funds if the winner selected == address(0)
Summary
In PuppyRaffle::selectWinner() function, there is no check if the address selected as winner is address(0). Thus, if the winner select == address(0) then it will lead to loss of all the funds.
Vulnerability Details
As people can unregister themselves from the raffle by calling the refund() function, and address(0) is stored at their position. So, if in case the winner selected comes out to be address(0) then all the funds are transferred to address(0) and leads to loss of funds.
Impact
Funds are at risk as they are transferred to address(0) if the idx selected was the person who left the Raffle by calling the refund() function.
Tools Used
Manual Review
Recommendations
We should remove the functionality that allows users to unregister themselves.
But if we want to keep the functionality, then we can do something like this: If a person at idx i leaves then we can store the address of the last person in players array at idx i and pop the last address out.
Lead Judging Commences
zero address can win the raffle
Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.