The refund function within the provided smart contract exhibits a reentrancy vulnerability. This issue arises from the order of operations where the contract state is updated after funds are transferred, creating a window of opportunity for malicious actors to exploit the contract.
In the refund function, the following sequence of operations is observed:
payable(msg.sender).sendValue(entranceFee); - The contract sends the refund to the player.
players[playerIndex] = address(0); - The state of the contract (the player's address in the players array) is updated.
The vulnerability arises because the state update is performed after the funds are transferred. If msg.sender is a contract, the ETH transfer invokes its receive/fallback function, and that function can call refund() again before the first call has reached the line that clears players[playerIndex]. Because sendValue forwards all remaining gas to the callee, the callback has enough gas to do this, so several refunds of entranceFee can be paid out for a single entry before the player's slot is set to address(0).
Multiple Refunds: A malicious actor can exploit the reentrancy vulnerability to withdraw more than their entitled refund.
Financial Loss: The contract may suffer significant financial losses if the vulnerability is exploited multiple times.
Loss of Trust: Discovering such vulnerabilities can erode trust in the contract and deter future participation.
Tools used: manual review
State Update First: Always update the contract state before transferring funds. In this case, set players[playerIndex] to address(0) before sending the refund.
Use Checks-Effects-Interactions Pattern: Adhere to the Checks-Effects-Interactions pattern, which recommends performing all checks first, updating state variables next (effects), and then interacting with other contracts or addresses.
ReentrancyGuard: Implement a reentrancy guard (for example OpenZeppelin's ReentrancyGuard and its nonReentrant modifier), a commonly used pattern in Solidity to block recursive calls into the protected function while it is still executing.
Regular Audits and Testing: Continuously audit and test the contract, especially when modifications are made, to ensure that no new vulnerabilities are introduced.
Documentation: Ensure that the contract's functions and potential risks are well-documented to guide future developers or auditors.
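The following is an added illustration, not the audited contract's code: a minimal reconstruction of the refund flow that places the unsafe ordering described above next to the hardened version (checks-effects-interactions plus a reentrancy guard). The contract name, the enter() function, the constructor and the OpenZeppelin v5 import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Import paths assume OpenZeppelin Contracts v5 (v4 keeps ReentrancyGuard under security/).
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Assumed minimal raffle: one entrance fee, players stored in an array.
contract RaffleRefund is ReentrancyGuard {
    using Address for address payable;

    uint256 public immutable entranceFee;
    address[] public players;

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
    }

    function enter() external payable {
        require(msg.value == entranceFee, "wrong fee");
        players.push(msg.sender);
    }

    // UNSAFE ordering, shown only to make the finding concrete: the external
    // call (sendValue forwards all gas) runs before the slot is cleared, so a
    // caller with a receive/fallback function can re-enter refundUnsafe()
    // while players[playerIndex] still holds its address.
    function refundUnsafe(uint256 playerIndex) external {
        require(players[playerIndex] == msg.sender, "not your slot"); // check
        payable(msg.sender).sendValue(entranceFee);                   // interaction
        players[playerIndex] = address(0);                            // effect (too late)
    }

    // HARDENED: checks -> effects -> interactions. The slot is cleared before
    // any ETH leaves, so a re-entrant call fails the require(). nonReentrant
    // is an independent second layer that also reverts any nested call.
    function refund(uint256 playerIndex) external nonReentrant {
        require(players[playerIndex] == msg.sender, "not your slot"); // check
        players[playerIndex] = address(0);                            // effect
        payable(msg.sender).sendValue(entranceFee);                   // interaction
    }
}
```

Either fix alone closes the reentrancy path; applying both means a later refactor that reorders the lines does not silently reopen it.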
Reentrancy in refund() function