First Flight #2: Puppy Raffle
First Flight #2
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Excessive Gas Consumption

sandman

Summary

The "PuppyRaffle" contract has high gas consumption due to the iteration over the players array in multiple functions. This PoC demonstrates the issue and provides recommendations to reduce gas consumption.

Vulnerability Details

The vulnerability lies in the excessive gas consumption caused by iterating over the players array. This issue is prevalent in functions such as enterRaffle, refund, and _isActivePlayer.

// Gas-inefficient player array iteration
function enterRaffle(address[] memory newPlayers) public payable {
// ...
for (uint256 i = 0; i < newPlayers.length; i++) {
players.push(newPlayers[i]);
}
// ...
}
function refund(uint256 playerIndex) public {
// ...
for (uint256 i = 0; i < players.length; i++) {
if (players[i] == msg.sender) {
// ...
}
}
// ...
}
function _isActivePlayer() internal view returns (bool) {
for (uint256 i = 0; i < players.length; i++) {
if (players[i] == msg.sender) {
return true;
}
}
return false;
}

Impact

High gas consumption affects the usability of the contract, making it more costly for participants to interact with it. Additionally, it may cause transactions to fail if they exceed the block gas limit. This could make the contract vulnerable to DoS attacks.

Tools Used

VSCode
Foundry

Recommendations

Use Mappings for Player Data: Replace the array with a mapping where player addresses are keys, and their status can be efficiently checked.

mapping(address => bool) public isPlayer;
Updates

Lead Judging Commences

patrickalphac Lead Judge about 2 years ago
Submission Judgement Published
Invalidated
Reason: Gas optimizations

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!