First Flight #2: Puppy Raffle
First Flight #2
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

`Puppy Raffle::refund()` function has a reentrancy vulnerability

MSaptarshi007

Summary

Puppy Raffle::refund() function has a possible reentrancy vulnerability where , An attacker could deploy the above contract and then call the refund function, causing the malicious contract to execute code upon receiving Ether, effectively reentering the refund function and possibly reentering it multiple times , and therefore we should rearrange the code lines to prevent it from reentrancy.

Vulnerability Details

function refund(uint256 playerIndex) public {
address playerAddress = players[playerIndex];
require(
playerAddress == msg.sender,
"PuppyRaffle: Only the player can refund"
);
require(
playerAddress != address(0),
"PuppyRaffle: Player already refunded, or is not active"
);
// @audit-issue Reentrancy possibility
// players[playerIndex] = address(0);
@> payable(msg.sender).sendValue(entranceFee);
players[playerIndex] = address(0);
emit RaffleRefunded(playerAddress);
}

If the playerindex is updated later after we refunded the amount , then the attacker could drain the fund.

Impact

Reentrancy

Tools Used

  • Manual Review

Recommendations

Update the players index before sending the amount

- require(
- playerAddress != address(0),
- "PuppyRaffle: Player already refunded, or is not active");
-
- payable(msg.sender).sendValue(entranceFee);
- players[playerIndex] = address(0);
+ require(
+ playerAddress != address(0),
+ "PuppyRaffle: Player already refunded, or is not active");
+ players[playerIndex] = address(0);
+ payable(msg.sender).sendValue(entranceFee);
Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

reentrancy-in-refund

reentrancy in refund() function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.