Submission Details
Severity: high
Invalid

Reentrancy while Fee withdrawing

Summary

There is an open door for reentrancy while withdrawing fees. There must be a Reentrancy Guard because we're changing state and playing with money (cryptocurrency).

Vulnerability Details

withdrawFees missing a Reentrancy Guard
    function withdrawFees() external { // 👈 There should be a Reentrancy Guard modifier here. It's completely optional; therefore we can implement our own Reentrancy Guard logic right below, inside this function.
        require(address(this).balance > 0, "PuppyRaffle: 0 fees is not withdrawable!");
        require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");
        uint256 feesToWithdraw = totalFees;
        totalFees = 0;
        (bool success,) = feeAddress.call{value: feesToWithdraw}("");
        require(success, "PuppyRaffle: Failed to withdraw fees");
    }

Impact

We have a vulnerability that can potentially crash our raffle.

Tools Used

Manual Review

Recommendations

withdrawFees Reentrancy Fixed
    // statements...
    import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
    // statements... (the contract declaration must also inherit ReentrancyGuard)
    function withdrawFees() external nonReentrant { // 👈 🖐 Here, I utilized OpenZeppelin's utility function / modifier called nonReentrant.
        require(address(this).balance > 0, "PuppyRaffle: 0 fees is not withdrawable!");
        require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");
        uint256 feesToWithdraw = totalFees;
        totalFees = 0;
        (bool success,) = feeAddress.call{value: feesToWithdraw}("");
        require(success, "PuppyRaffle: Failed to withdraw fees");
    }
    // statements...
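
The submission's first code comment mentions writing the guard by hand instead of importing one. The following is an added example, not part of the submission or of the audited code base: it shows such a boolean-lock modifier on the same withdrawal logic, plus a test-double receiver that records whether a nested call is rejected. `FeeVault`, `depositFees`, `noReentry`, `CallbackReceiver` and the type of `totalFees` are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.7.0 <0.9.0;

// Constructed stand-in for the fee logic above; FeeVault and depositFees are hypothetical.
contract FeeVault {
    address public feeAddress;
    uint256 public totalFees; // type assumed for this example
    bool private locked;      // hand-rolled guard flag

    modifier noReentry() {
        require(!locked, "FeeVault: reentrant call");
        locked = true;
        _;
        locked = false;
    }

    constructor(address _feeAddress) { feeAddress = _feeAddress; }

    function depositFees() external payable {
        totalFees += msg.value;
    }

    function withdrawFees() external noReentry {
        require(address(this).balance > 0, "FeeVault: 0 fees is not withdrawable!");
        require(address(this).balance == totalFees, "FeeVault: balance and fees differ");
        uint256 feesToWithdraw = totalFees;
        totalFees = 0; // state is zeroed before the external call
        (bool success,) = feeAddress.call{value: feesToWithdraw}("");
        require(success, "FeeVault: Failed to withdraw fees");
    }
}

// Test double: a fee receiver that calls back into withdrawFees() when it is paid
// and records whether that nested call was rejected.
contract CallbackReceiver {
    FeeVault public vault;
    bool public reentryRejected;

    function setVault(FeeVault _vault) external { vault = _vault; }

    receive() external payable {
        try vault.withdrawFees() {
            reentryRejected = false;
        } catch {
            reentryRejected = true;
        }
    }
}
```

To exercise it, deploy `CallbackReceiver`, deploy `FeeVault` with the receiver's address, call `setVault`, fund the vault through `depositFees`, then call `withdrawFees`. The outer withdrawal completes and `reentryRejected()` returns `true`.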
Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
