Submission Details
Severity: medium
Invalid

Lack of input validation in enterRaffle function

Summary

enterRaffle does not check if the newPlayers array is empty.

Vulnerability Details

The enterRaffle function does not currently check if the newPlayers array is empty. If an empty array is passed, the function will revert due to the require statement:

    require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");

because msg.value will not be equal to 0 (which is entranceFee * newPlayers.length when newPlayers.length is 0).

Impact

This could lead to confusion for users or developers interacting with the contract, as the error message "PuppyRaffle: Must send enough to enter raffle" does not accurately describe the issue when the newPlayers array is empty.

Tool Used

Manual review

Recommended Mitigation

Adding a require statement at the beginning of the enterRaffle function to check that the newPlayers array is not empty can fix this:

    function enterRaffle(address[] memory newPlayers) public payable {
        // New check: reject an empty array up front with a descriptive message
        require(newPlayers.length > 0, "PuppyRaffle: No players to enter the raffle");
        require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
        for (uint256 i = 0; i < newPlayers.length; i++) {
            players.push(newPlayers[i]);
        }
        // Check for duplicates
        for (uint256 i = 0; i < players.length - 1; i++) {
            for (uint256 j = i + 1; j < players.length; j++) {
                require(players[i] != players[j], "PuppyRaffle: Duplicate player");
            }
        }
        emit RaffleEnter(newPlayers);
    }

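The two revert messages discussed above can be compared in a Foundry test. This is an added example, not code from the submission or from the PuppyRaffle project. The contract `RaffleChecks`, the function names `enterOriginal` and `enterMitigated`, the 1 ether fee, and the compiler version are assumptions, and the stand-in keeps only the require checks (no player storage or duplicate loop).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // assumed compiler version; the page does not state one

import {Test} from "forge-std/Test.sol";

// Constructed stand-in that holds only the checks discussed in this report.
contract RaffleChecks {
    uint256 public entranceFee = 1 ether; // constructed value

    // Current behaviour: only the payment check guards the input.
    function enterOriginal(address[] memory newPlayers) public payable {
        require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
    }

    // Recommended mitigation: reject an empty array before the payment check.
    function enterMitigated(address[] memory newPlayers) public payable {
        require(newPlayers.length > 0, "PuppyRaffle: No players to enter the raffle");
        require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
    }
}

contract EmptyArrayTest is Test {
    RaffleChecks raffle;
    address[] empty; // zero-length array used as the input under test

    function setUp() public {
        raffle = new RaffleChecks();
    }

    // Empty array sent with a non-zero payment: the caller sees the fee message.
    function test_OriginalReportsFeeError() public {
        vm.expectRevert(bytes("PuppyRaffle: Must send enough to enter raffle"));
        raffle.enterOriginal{value: 1 ether}(empty);
    }

    // Same call against the mitigated check: the message names the real problem.
    function test_MitigatedReportsEmptyInput() public {
        vm.expectRevert(bytes("PuppyRaffle: No players to enter the raffle"));
        raffle.enterMitigated{value: 1 ether}(empty);
    }
}
```
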
Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Invalidated
Reason: User input validation
