Submission Details
Severity: medium
Valid

Potential Denial of Service on the `withdrawFees` function

Summary

A potential Denial of Service (DoS) on the `withdrawFees` function: a malicious contract can use `selfdestruct` to force-send Ether to the PuppyRaffle contract, manipulating its balance so that the require statement `require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");` always reverts, even when there are no players active.

Vulnerability Details

An attacker can deploy a malicious contract that self-destructs, force-sending Ether to the PuppyRaffle contract.

By doing so, they manipulate the balance of the PuppyRaffle contract. This manipulation causes the require statement on line 158 to always revert, even if there are no players active.

Impact

  • DoS Attack: An attacker can disrupt the operation of the PuppyRaffle contract by triggering a DoS, preventing the `withdrawFees` function from ever executing successfully.

  • Manipulated Balance: The attacker can manipulate the contract's balance, potentially causing confusion among users and making it challenging to track and reconcile funds.

Tools Used

VS Code, manual review

Recommendations

The issue arises from the reliance on the contract's balance for checking the "active" status, rather than directly inspecting the players array length.

I recommend modifying the code to check the number of active players directly, by inspecting the length of the `players` array, rather than relying on the contract's balance.

Suggested fix: https://gist.github.com/filmptz/726d28d517a356da4778bbc16a49cc50#file-puppyraffle-sol-withdrawfees
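The following is an added illustration, not the audited PuppyRaffle source or the gist above: the balance-based check described in this finding sits beside the recommended `players.length` check. Only the state variable names (`players`, `totalFees`, `feeAddress`) and the revert string follow the finding; the rest of the contract is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of the vulnerable check and its fix. Variable names follow
// the finding; the surrounding contract is an assumption for demonstration.
contract WithdrawFeesExample {
    address[] public players;
    uint64 public totalFees;
    address public feeAddress;

    constructor(address _feeAddress) {
        feeAddress = _feeAddress;
    }

    // Before: "no active players" is inferred from a balance equality. Ether that
    // reaches the contract outside the fee accounting (selfdestruct transfers do
    // not run receive/fallback and cannot be rejected) breaks the equality for
    // good, so every call reverts even with an empty players array.
    function withdrawFeesVulnerable() external {
        require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");
        uint256 feesToWithdraw = totalFees;
        totalFees = 0;
        (bool success, ) = feeAddress.call{value: feesToWithdraw}("");
        require(success, "PuppyRaffle: Failed to withdraw fees");
    }

    // After: inspect the players array directly. The balance no longer gates the
    // call, so unexpected incoming Ether cannot block fee withdrawal.
    function withdrawFeesFixed() external {
        require(players.length == 0, "PuppyRaffle: There are currently players active!");
        uint256 feesToWithdraw = totalFees;
        totalFees = 0;
        (bool success, ) = feeAddress.call{value: feesToWithdraw}("");
        require(success, "PuppyRaffle: Failed to withdraw fees");
    }
}
```

Note that the fixed version still pays out only `totalFees`; any Ether force-sent on top of that remains in the contract, so the fix removes the DoS without also recovering stray funds.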

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

greifers-send-money-to-contract-to-block-withdrawfees
