Submission Details
Severity: low
Invalid

Lack of access control in withdrawFees function

Vulnerability Details

The withdrawFees function does not have any access control mechanism in place. This means that any address can call this function. While the function is designed to send the fees to the feeAddress regardless of who calls it, the lack of access control could still lead to unnecessary or malicious calls to the function, which could waste gas or potentially exploit other vulnerabilities.

Impact

Even if an unauthorized user calls the function, they cannot redirect the fees to themselves. However, the lack of access control could still lead to unnecessary or malicious calls to the function.

Tools Used

Manual Review

Recommendations

Add a require statement at the beginning of the withdrawFees function to check if msg.sender is the feeAddress:

require(msg.sender == feeAddress, "PuppyRaffle: Only the fee address can withdraw fees");
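
The permissionless function the report describes, next to the recommended check, as an added Solidity sketch (not the PuppyRaffle source or the submitter's code). `FeeVault`, `totalFees`, `collect()` and the `FeesWithdrawn` event are hypothetical; only `withdrawFees`, `feeAddress` and the require message come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example: FeeVault, totalFees, collect() and FeesWithdrawn are
/// hypothetical. Only withdrawFees, feeAddress and the require string are from the report.
contract FeeVault {
    address public immutable feeAddress; // fixed payout destination
    uint256 public totalFees;            // fees accrued and not yet paid out

    // Logs who triggered each payout so callers can be reviewed off-chain.
    event FeesWithdrawn(address indexed caller, address indexed to, uint256 amount);

    constructor(address _feeAddress) {
        require(_feeAddress != address(0), "FeeVault: zero fee address");
        feeAddress = _feeAddress;
    }

    /// Stand-in for whatever accrues fees in the real contract.
    function collect() external payable {
        totalFees += msg.value;
    }

    /// Permissionless variant, as the report describes it: any address may
    /// call, but msg.sender is never used as the recipient, so the caller
    /// only pays gas to trigger a payout to feeAddress.
    function withdrawFees() external {
        _payOut();
    }

    /// Variant with the report's recommended check: only feeAddress can
    /// trigger the payout. The destination is the same as above.
    function withdrawFeesRestricted() external {
        require(msg.sender == feeAddress, "PuppyRaffle: Only the fee address can withdraw fees");
        _payOut();
    }

    function _payOut() private {
        uint256 amount = totalFees;
        totalFees = 0; // state updated before the external call
        emit FeesWithdrawn(msg.sender, feeAddress, amount);
        (bool ok, ) = feeAddress.call{value: amount}("");
        require(ok, "FeeVault: transfer failed");
    }
}
```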

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: User experience and design improvement
patrickalphac Lead Judge almost 2 years ago