First Flight #2: Puppy Raffle
First Flight #2
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Withdrawal function can be bricked forever due to a strict totalFees & balance calculation

0xswahili

Summary

A strict contract Ether balance requirement can brick all withdrawals

Vulnerability Details

The withdrawal function requires that the contract's Ether balance MUST be equal to the fee earned. This is based on an assumption the the fee will be the leftover after the contest has closed. However, this calculation ignores Solidity integer rounding-down.

Scenario:
contest fee = 51
final entries left = 13
contract balance before selectWinner= 51 * 13 = 663
winner = 663 * 80 / 100 = 530.4 => 530 rounded down
fee recipient = 663 * 20 / 100 = 132.6 => 132 rounded down
contract balance after winner gets paid= 663 - 530 = 133
withdrawal call expects = 133 == 132

Impact

Withdrawal fee are forever stuck in the contract

Tools Used

Recommendations

Fee recipient should receive the contract balance ie leftover after winner calculation.

  1. Remove line 158

- require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");

  1. Change Ln 133

- uint256 fee = (totalAmountCollected * 20) / 100;
+ uint256 fee = address(this).balance;
Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

greifers-send-money-to-contract-to-block-withdrawfees

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!