First Flight #2: Puppy Raffle
First Flight #2
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

`uint64 totalFees` if total fees exceeds uint64, extra fees will be locked in contract forever

abhishekthakur

Summary

if collected fees exceeds uint64 value then extra eth will stay locked in contract forever.

Vulnerability Details

totalFees variable is declared as uint64, means max value it will have is 18446744073709551615. Means fees more than
18.446744073709551615 ether will be lost.
Consider a scenerio, where total collected eth is 100 eth. so winner share will 80 eth, fee share will be 20 eth.
But fees value is downcasted to uint64, that will make owner claim only 18.446744073709551615 ether only.

function selectWinner() external {
require(block.timestamp >= raffleStartTime + raffleDuration, "PuppyRaffle: Raffle not over");
require(players.length >= 4, "PuppyRaffle: Need at least 4 players");
uint256 winnerIndex =
uint256(keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))) % players.length;
address winner = players[winnerIndex];
uint256 totalAmountCollected = players.length * entranceFee;
uint256 prizePool = (totalAmountCollected * 80) / 100;
uint256 fee = (totalAmountCollected * 20) / 100;
@> totalFees = totalFees + uint64(fee);
//// rest of function code
}

Impact

if total fees are more than 18.446744073709551615 ether, That will be locked forever.

Tools Used

Manual Review

Recommendations

declare totalFees as uint256 for best approach to cover all scenarios.

Line no. 30

- uint64 public totalFees = 0;
+ uint256 public totalFees = 0;

Line no. 134

- totalFees = totalFees + uint64(fee);
+ totalFees = totalFees + fee;

update code from other places as well, wherever uin64 is used.

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

unsafe cast of fee to uint64

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.