Inaccurate `totalAmountCollected` Calculation in `selectWinner` Due to Ignoring Refunds
Vulnerability Details
The selectWinner function calculates the total amount collected based solely on the number of players multiplied by the entrance fee. However, this calculation does not account for any refunds that may have been processed. Players who have received a refund are still "included" in the players array with their addresses set to zero, but their contributions are no longer part of the total pool. Moreover, the subsequent raffles will keep growing the players array amplifying this discrepancy even more. This discrepancy leads to an inflated and inaccurate calculation of the totalAmountCollected.
Impact
Incorrect Prize Distribution: The actual prize pool is less than calculated, leading to overpayment to the winner and to the feeAddress.
Financial Discrepancy: The contract's financial accounting is inaccurate, potentially causing loss of funds or unexpected behavior.
Loss of Trust: Participants and stakeholders may lose trust in the raffle system due to these inaccuracies.
Recommendations
Track Actual Contributions: Implement a mechanism to accurately track the total amount collected. This could involve reducing the total amount when a refund is processed or maintaining a separate counter for the actual amount collected.
Refactor Player Array Management: Consider removing refunded players from the
playersarray or using a different data structure to manage active players and their contributions.
Lead Judging Commences
refund-doesnt-reduce-players-array-size-causing-protocol-to-freeze
zero address can win the raffle
Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.