In PuppyRaffle.selectWinner()
, DOS attack.
the winner address could be a smart contract that doesn't accept ether, or consume all gas and cause Denial of service.
Or the winner can be a contract that doesn't implement the ERC721Received standard.
severity : medium
likelihood : low
manual verification
no mitigation. But to keep trying the call/simulate the call locally before broadcasting to mainnet and check for if tx fails and try till some winner can pass.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.