`enterRaffle` has a vulnerability due to the unchecked multiplication operation `entranceFee * newPlayers.length`. This issue may allow attackers to bypass the payment check if an overflow occurs during the multiplication.
In the `enterRaffle` function, the requirement `require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle")` is intended to ensure that the caller sends the correct amount of Ether to enter the raffle. However, since Solidity prior to version 0.8.0 does not automatically check for overflows, the expression `entranceFee * newPlayers.length` could overflow without causing an error. An overflow here may result in a lower than expected value, potentially allowing an attacker to bypass the payment requirement with a smaller Ether amount.
If exploited, this vulnerability could allow an attacker to enter the raffle without paying the full amount required. This could lead to financial losses for the contract and unfair advantages in the raffle.
Manual code review
To mitigate this issue, consider the following recommendations:
- Upgrade the Solidity compiler version to 0.8.0 or later, which includes built-in overflow checks.
- Alternatively, if upgrading the compiler version is not feasible, use the SafeMath library for arithmetic operations to prevent overflows.
- Add explicit checks or use a fixed-size array to limit the length of `newPlayers` to a reasonable number to reduce the risk of overflow.
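The second and third recommendations combined, as an added example that is not code from the audited contract: a minimal stand-in contract whose payment check reverts on overflow and caps the batch size. The contract name, `MAX_NEW_PLAYERS`, `_checkedMul` and `requiredPayment` are hypothetical names chosen for illustration, and the cap value is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6; // pre-0.8.0: arithmetic wraps silently

// Minimal stand-in for the raffle's payment check (not the audited contract).
contract RaffleEntryCheck {
    uint256 public immutable entranceFee;
    // Hypothetical cap on entries per call; choose a value that suits the raffle.
    uint256 public constant MAX_NEW_PLAYERS = 100;
    address[] public players;

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
    }

    // Same test SafeMath.mul performs: revert if the product wrapped.
    function _checkedMul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        uint256 c = a * b;
        require(c / a == b, "PuppyRaffle: fee overflow");
        return c;
    }

    // Total owed for n entries; reverts instead of wrapping.
    function requiredPayment(uint256 n) public view returns (uint256) {
        require(n > 0 && n <= MAX_NEW_PLAYERS, "PuppyRaffle: bad player count");
        return _checkedMul(entranceFee, n);
    }

    function enterRaffle(address[] memory newPlayers) public payable {
        // Before: require(msg.value == entranceFee * newPlayers.length, ...)
        require(
            msg.value == requiredPayment(newPlayers.length),
            "PuppyRaffle: Must send enough to enter raffle"
        );
        for (uint256 i = 0; i < newPlayers.length; i++) {
            players.push(newPlayers[i]);
        }
    }
}
```

With the cap in place the overflow guard is defence in depth: it only fires if `entranceFee` itself is set above `type(uint256).max / MAX_NEW_PLAYERS`.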
You'd have to have a TON of money for this to happen. IMPACT: HIGH LIKELIHOOD: VERY LOW