Submission Details
Severity:
Zero fee Withdraw
Summary
It makes no sense to withdraw zero fee.
Vulnerability Details
withdrawFees
function withdrawFees() external {
// 👈 here, Should have a `require check` for zero fee.
require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");
uint256 feesToWithdraw = totalFees;
totalFees = 0;
(bool success,) = feeAddress.call{value: feesToWithdraw}("");
require(success, "PuppyRaffle: Failed to withdraw fees");
}
Impact
Meaning less withdraw (zero fee withdraw) makes such an inconvenience (Gas Wastage) for feeAddress holder (owner maybe).
Tools Used
Manual review
Recommendations
withdrawFees zero fee check added
function withdrawFees() external {
require(address(this).balance > 0, "PuppyRaffle: 0 fees is not withdrawable!"); // here 👈 🖐 A require check for zero fee withdrawal.
require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");
uint256 feesToWithdraw = totalFees;
totalFees = 0;
(bool success,) = feeAddress.call{value: feesToWithdraw}("");
require(success, "PuppyRaffle: Failed to withdraw fees");
}
Updates
Lead Judging Commences
Hamiltonite about 2 years ago
Submission Judgement Published Reason: User experience and design improvement
Assigned finding tags:
greifers-send-money-to-contract-to-block-withdrawfees
Rewards breakdown
nSLOC
143This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.