First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Nested Loops in enterRaffle Leading to Potential Denial of Service

Osora9

Summary

The enterRaffle function in the provided smart contract utilizes nested loops, which when provided with a large set of players can result in excessive gas consumption, potentially leading to a denial of service.

Vulnerability Details

contract PuppyRaffle {

...

function enterRaffle(address[] memory newPlayers) public payable {

...

// Check for duplicates

for (uint256 i = 0; i < players.length - 1; i++) {

for (uint256 j = i + 1; j < players.length; j++) {

require(players[i] != players[j], "PuppyRaffle: Duplicate player");

}

Due to the nested loops, the computational complexity of this function increases quadratically with the number of new players. This can result in the function consuming an excessive amount of gas and becoming unusable.

Impact

Can lead to denial of service when called with a large set of players, making the enterRaffle function unusable.

POC

Fund the contract with adequate ETH.
Note the balance.
Call the testTooManyPlayersEnter function with 257 players.
The estimated gas usage for this transaction is 31997436.
As the number of players increases, gas consumption increases exponentially.
Notice the extremely high gas usage, which can result in the function being inoperable on many networks due to exceeding gas limits.

Code

function testTooManyPlayersEnter() public {

address[] memory players = new address[](257);

for(uint256 i = 0; i < 257; i++){

players[i] = address(i);

}

puppyRaffle.enterRaffle{value: entranceFee * 257}(players);

assertEq(puppyRaffle.players(256), players[256]);

}

Tools Used

・foundry

Recommendations

Optimize the enterRaffle function by removing the nested loops. One approach to ensure no duplicate players are entered is by using a mapping. Replace the players array with a mapping to track whether an address has entered the raffle.

+ mapping(address => bool) public playersEntered;

And then, in the enterRaffle function:

for(uint256 i = 0; i < players.length; i++) {

- for (uint256 j = i + 1; j < players.length; j++) {

- require(players[i] != players[j], "PuppyRaffle: Duplicate player");

- }

+ require(!playersEntered[players[i]], "Player has already entered");

+ playersEntered[players[i]] = true;

}

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

denial-of-service-in-enter-raffle

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!