The PuppyRaffle#selectWinner() function does not account for the possibility that the selected winner is a refunded player, whose slot now holds address(0), causing 80% of the total in the pool to be burnt.
If a player gets refunded, the PuppyRaffle#refund() function sets the address at that player's index in the players array to address(0). This causes the following line of code in the PuppyRaffle#selectWinner() function to send the winner's prize to address(0), where it is lost, if this player is selected as the winner.
If the selected winner in a given round is a refunded player, the funds are lost because they are sent to address(0).
Manual review.
Add a check in the PuppyRaffle#selectWinner() function making sure the winner will be an active player.
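One way to apply the recommended check, as an added example that is not the PuppyRaffle source. The contract name `RaffleSketch`, the `activeCount` counter, the placeholder draw and the forward scan over refunded slots are assumptions made for illustration; only the zeroing of refunded slots and the 80% payout come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: names and layout are assumptions, not the audited contract.
contract RaffleSketch {
    uint256 public immutable entranceFee;
    address[] public players;
    uint256 public activeCount; // slots that have not been refunded

    constructor(uint256 fee) {
        entranceFee = fee;
    }

    function enter() external payable {
        require(msg.value == entranceFee, "wrong fee");
        players.push(msg.sender);
        activeCount++;
    }

    // Mirrors the behaviour described in the finding: a refund zeroes the slot.
    function refund(uint256 index) external {
        require(players[index] == msg.sender, "not your slot");
        players[index] = address(0);
        activeCount--;
        (bool ok, ) = msg.sender.call{value: entranceFee}("");
        require(ok, "refund failed");
    }

    // Hardened draw: a zeroed (refunded) slot can never be paid.
    function selectWinner() external {
        require(activeCount > 0, "no active players");
        uint256 len = players.length;
        // Placeholder draw; the randomness source is out of scope for this finding.
        uint256 start = uint256(keccak256(abi.encodePacked(block.prevrandao, len))) % len;
        address winner;
        for (uint256 i = 0; i < len && winner == address(0); i++) {
            winner = players[(start + i) % len]; // skip refunded slots
        }
        require(winner != address(0), "winner is not an active player");
        // Pay 80% of what active players contributed, not of players.length.
        uint256 prize = (activeCount * entranceFee * 80) / 100;
        delete players;
        activeCount = 0;
        (bool ok, ) = winner.call{value: prize}("");
        require(ok, "payout failed");
    }
}
```

Scanning forward from the drawn index favours players who sit directly after refunded slots; removing refunded entries from the array at refund time avoids that skew at the cost of reordering indices.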
Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High