Submission Details
Severity: medium
Invalid

Inability for Players to Check Their Active Status

Summary

This vulnerability arises from the inability of players to call the _isActivePlayer function to check their active status within the contract.

The absence of this capability can impact user transparency and functionality.

Vulnerability Details

The core issue lies in the fact that players cannot access the _isActivePlayer function to verify their active status within the contract.

The risk level of this issue is assessed as Medium since the ability for players to check their active status is a crucial aspect of user interaction with the contract.

There is an alternative method of verifying active status: calling the enterRaffle function, which will revert with PuppyRaffle: Duplicate player status if the player is already active.

However, this approach is not ideal due to the presence of another issue - Denial of Service (DoS) - that can disrupt functionality. This potential disruption could prevent players from effectively checking their status.

Impact

The absence of a player-accessible function to verify active status can negatively affect user transparency and functionality within the contract.

Tools Used

VS Code: Manual

Recommendations

  • If this function is in use: I recommend adding a publicly accessible function, such as isActivePlayer, that calls the _isActivePlayer function and allows players to query and verify their active status within the contract without the risk of unintended disruptions.

  • If this function is not in use: I recommend removing this function to improve readability and decrease the contract size.

Extra Concerns

  • If this function is in use, the current logic still contains the DoS attack since it loops through the players array.

Therefore, I recommend updating the logic of checking active status to prevent the DoS issue.
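
One way to combine the two recommendations above (a public status query, and a status check that does not loop over the players array), written as an added example that is not part of the submission or of the PuppyRaffle code. The contract name, the playerSlot mapping, the leaveRaffle function, the "Sketch:" revert strings and the 0.8 pragma are assumptions made for the sketch; entrance fees and prize logic are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version for this sketch

/// Constructed sketch: only the membership bookkeeping of a raffle.
contract RaffleStatusSketch {
    address[] public players;

    // Hypothetical index: position in `players` plus one; 0 means "not active".
    mapping(address => uint256) private playerSlot;

    /// Register players. Each duplicate check is a single storage read,
    /// so the cost of entering does not grow with players.length.
    function enterRaffle(address[] calldata newPlayers) external {
        for (uint256 i = 0; i < newPlayers.length; i++) {
            address p = newPlayers[i];
            require(p != address(0), "Sketch: zero address");
            require(playerSlot[p] == 0, "Sketch: Duplicate player");
            players.push(p);
            playerSlot[p] = players.length;
        }
    }

    /// Remove the caller with swap-and-pop so the index stays consistent
    /// and no empty slot is left behind in the array.
    function leaveRaffle() external {
        uint256 slot = playerSlot[msg.sender];
        require(slot != 0, "Sketch: not active");
        uint256 last = players.length;
        if (slot != last) {
            address moved = players[last - 1];
            players[slot - 1] = moved;
            playerSlot[moved] = slot;
        }
        players.pop();
        delete playerSlot[msg.sender];
    }

    /// Public status query for any address. It is a view function with
    /// constant cost, so it cannot be made to run out of gas by a large array.
    function isActivePlayer(address player) external view returns (bool) {
        return playerSlot[player] != 0;
    }
}
```

Taking the address as a parameter, instead of reading msg.sender, lets front ends and other contracts query the status of any player.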

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
