Submission Details
Severity: high
Valid

Inaccurate prize pool and fee calculation

Summary

The calculation of `totalAmountCollected` does not account for refunded users, and this affects the `prizePool` and `fee` calculations.

Vulnerability Details

If one or more users get refunded, the `totalAmountCollected` calculation will be inaccurate: `PuppyRaffle::players.length` doesn't change when users get refunded, but the amount of collected entrance fees decreases with every refund.

Impact

Inaccurate `totalAmountCollected` calculation will cause a failure of `prizePool` and/or `fee` payout - calls to `PuppyRaffle::selectWinner` and/or `PuppyRaffle::withdrawFees` will fail.

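```solidity
function testInaccuratePrizepool() public playersEntered {
    // playerOne (index 0) takes a refund; players.length stays the same
    vm.prank(playerOne);
    puppyRaffle.refund(0);

    // Move past the raffle duration so a winner can be selected
    vm.warp(block.timestamp + duration + 1);
    vm.roll(block.number + 1);

    // The prize pool is computed from players.length, so it exceeds the balance
    vm.expectRevert("PuppyRaffle: Failed to send prize pool to winner");
    puppyRaffle.selectWinner();
}
```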

Tools Used

Foundry

Recommendations

When calculating `totalAmountCollected`, count only active participants of the raffle. Ignore `address(0)` entries in the `PuppyRaffle::players` array, or keep a record of active participants / collected entry fees in a separate mapping.
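One way to keep the separate record recommended above, shown as an added example that is neither PuppyRaffle's source nor the submitter's code; it uses a counter rather than a mapping. The contract name, `activePlayers`, `naiveTotal`, `activeTotal`, `isSolvent` and the constructor parameter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of the raffle accounting (hypothetical, not PuppyRaffle).
contract RaffleAccounting {
    uint256 public immutable entranceFee;
    address[] public players;     // refunded slots are zeroed, never removed
    uint256 public activePlayers; // +1 on enter, -1 on refund

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
    }

    function enter() external payable {
        require(msg.value == entranceFee, "wrong fee");
        players.push(msg.sender);
        activePlayers += 1;
    }

    function refund(uint256 index) external {
        require(players[index] == msg.sender, "not the player");
        // Update state before the external call.
        players[index] = address(0);
        activePlayers -= 1;
        (bool ok, ) = payable(msg.sender).call{value: entranceFee}("");
        require(ok, "refund failed");
    }

    // Pattern described in the finding: refunded slots are still counted.
    function naiveTotal() public view returns (uint256) {
        return players.length * entranceFee;
    }

    // Recommended pattern: only entrants whose fee is still held are counted.
    function activeTotal() public view returns (uint256) {
        return activePlayers * entranceFee;
    }

    // Invariant to assert in tests: accounted funds never exceed the balance.
    function isSolvent() external view returns (bool) {
        return activeTotal() <= address(this).balance;
    }
}
```

After any refund, `naiveTotal()` exceeds the contract balance by one `entranceFee` per refunded player, while `activeTotal()` stays within it; a prize pool and fee derived from the latter can always be paid.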

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

refund-doesnt-reduce-players-array-size-causing-protocol-to-freeze

zero address can win the raffle

Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High
