Tags: Beginner Friendly, Foundry, NFT
Submission Details
Severity: medium
Valid

`PuppyRaffle::withdrawFees` Wrong require condition leads to locking protocol fees permanently

Summary

The withdrawFees function has an incorrect require condition that will lock the collected fees permanently.

Vulnerability Details

Consider the following code snippet; the problematic line is marked with `@>`.

function withdrawFees() external {
@>  require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");
    uint256 feesToWithdraw = totalFees;
    totalFees = 0;
    (bool success,) = feeAddress.call{value: feesToWithdraw}("");
    require(success, "PuppyRaffle: Failed to withdraw fees");
}

Consider the following scenario: selectWinner is called, the winner is paid and a new round starts. The owner now tries to withdraw the fees, but the transaction is front-run by a user calling enterRaffle. The contract balance is now greater than totalFees, so the equality check fails and withdrawFees reverts. This will happen most of the time, and the fees will be stuck in the contract forever.

Impact

Collected ETH fees will be locked in the contract.

Tools Used

Manual Review

Recommendations

Update the require as shown below. Since the fees are accounted for separately in totalFees, the owner should be able to claim them at any time.

- require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");
+ require(address(this).balance >= uint256(totalFees), "PuppyRaffle: There are currently players active!");
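Review bot: the `>=` comparison on the `+` line makes the revert message "PuppyRaffle: There are currently players active!" misleading, because the check now passes while players are entered for the next round; the condition only fails if the balance somehow drops below totalFees, i.e. an accounting mismatch, and the message should say so. If withdrawals are meant to be blocked while a raffle is in progress, that should be checked from the raffle's own state rather than inferred from address(this).balance, which anyone can change by sending ETH.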

Here is the updated function

function withdrawFees() external {
    require(address(this).balance >= uint256(totalFees), "PuppyRaffle: There are currently players active!");
    uint256 feesToWithdraw = totalFees;
    totalFees = 0;
    (bool success,) = feeAddress.call{value: feesToWithdraw}("");
    require(success, "PuppyRaffle: Failed to withdraw fees");
}
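The following Foundry test is an added example, not part of this submission or of the PuppyRaffle code base. It uses a constructed minimal `FeeVault` contract that mirrors the fee accounting above (a flag selects the `==` check from the finding or the `>=` check from the recommendation) and shows that one stray wei arriving before the owner's withdrawal reverts the original version while the fixed version pays the fees out; it assumes forge-std is available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the withdrawFees pattern: fees are tracked in totalFees while the contract may also hold unrelated ETH.
contract FeeVault {
    uint64 public totalFees;
    address public feeAddress;
    bool public immutable strictCheck; // true: `==` (as in the finding), false: `>=` (recommended fix)
    constructor(address _feeAddress, bool _strictCheck) {
        feeAddress = _feeAddress;
        strictCheck = _strictCheck;
    }
    // Protocol crediting fees after a round (what selectWinner does in PuppyRaffle).
    function collectFee() external payable { totalFees += uint64(msg.value); }

    // ETH that is not fees, e.g. a fresh entry into the next round.
    receive() external payable {}
    function withdrawFees() external {
        if (strictCheck) require(address(this).balance == uint256(totalFees), "players active");
        else require(address(this).balance >= uint256(totalFees), "accounting mismatch");
        uint256 feesToWithdraw = totalFees;
        totalFees = 0;
        (bool success,) = feeAddress.call{value: feesToWithdraw}("");
        require(success, "withdraw failed");
    }
}

contract WithdrawFeesTest is Test {
    address owner = makeAddr("owner");
    // Credit 1 ether of fees, let 1 wei of non-fee ETH arrive before the owner withdraws, and report whether withdrawFees succeeded.
    function _withdrawAfterStrayDeposit(bool strict) internal returns (bool) {
        FeeVault vault = new FeeVault(owner, strict);
        vm.deal(address(this), 2 ether);
        vault.collectFee{value: 1 ether}();
        (bool sent,) = address(vault).call{value: 1 wei}("");
        require(sent, "deposit failed");
        try vault.withdrawFees() { return true; } catch { return false; }
    }
    function test_equalityCheckLocksFees() public {
        assertFalse(_withdrawAfterStrayDeposit(true)); // `==` check reverts: fees stuck
    }

    function test_gteCheckReleasesFees() public {
        assertTrue(_withdrawAfterStrayDeposit(false));
        assertEq(owner.balance, 1 ether); // fees reach feeAddress despite the extra wei
    }
}
```

Run with `forge test --match-contract WithdrawFeesTest`; the first test passes only because the strict variant reverts, which is exactly the locked-fees condition described in the finding.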
Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

greifers-send-money-to-contract-to-block-withdrawfees
