Owner cannot withdraw fee due to incorrect require
Summary
The vulnerability concerns the require statement in the withdrawFees function, which checks if address(this).balance is equal to uint256(totalFees). This check restricts the withdrawal of fees, allowing it only when the contract's balance is exactly equal to the total fees. The issue with this check is that it can prevent the owner from withdrawing fees, even if the raffle has already concluded, because new users can join anytime and increase the contract's balance.
Vulnerability Details
PoC
Users: 10 users join, each pays 1 ether, address(this).balance = 10 ether
Contract: lottery complete, 8 ether goes to winner, address(this).balance = 2 ether, totalFees = 2 ether
Users: 1 joins, address(this).balance = 3 ether
Owner: tries to withdraw fees, but "require(address(this).balance == uint256(totalFees)" is triggered because the contract balance is greater than totalFees.
Impact
The impact of this require statement is that it can hinder the owner's ability to withdraw fees, even when the raffle has already concluded. The owner should have the flexibility to withdraw fees at any time, as this operation does not impact the lottery's functionality. If new users join the raffle after it has ended, the contract's balance may increase, making it impossible for the owner to withdraw fees.
Tools Used
Manual review.
Recommendations
To address this issue, it is recommended to remove the require statement that checks address(this).balance == uint256(totalFees).
Lead Judging Commences
greifers-send-money-to-contract-to-block-withdrawfees
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.