Submission Details
Severity: low
Valid

`PuppyRaffle::getActivePlayerIndex` returns index 0 if the address is not a player

Summary

When `PuppyRaffle::getActivePlayerIndex` finds no match, it returns the default value 0, which is also the index of the first player.

Vulnerability Details

```solidity
function getActivePlayerIndex(address player) external view returns (uint256) {
    for (uint256 i = 0; i < players.length; i++) {
        if (players[i] == player) {
            return i;
        }
    }
    return 0;
}
```

As the code snippet above shows, any address that is not in the raffle gets index 0 returned.

Impact

The likelihood of people calling this function with any address is 100%, but there is no negative effect, because `PuppyRaffle::refund`, which is the only function that needs the index, contains `require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");`, which prevents any exploit.
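
The reasoning above as an added example, not code from the PuppyRaffle repository: a minimal model that reproduces the quoted lookup, shows that it cannot tell an outsider from the first player, and shows why the quoted `require` still blocks the outsider. The contract name `IndexAmbiguityDemo`, the helpers `wouldPassRefundCheck`, `isAmbiguous`, `outsiderPassesRefundCheck` and `findPlayer`, and the pragma range are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.7.0 <0.9.0; // assumed range; the finding does not state a version

// Minimal model for illustration only; not the PuppyRaffle contract itself.
contract IndexAmbiguityDemo {
    address[] public players;

    constructor(address[] memory initialPlayers) {
        players = initialPlayers;
    }

    // Lookup as quoted in the finding: 0 doubles as "not found".
    function getActivePlayerIndex(address player) public view returns (uint256) {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == player) {
                return i;
            }
        }
        return 0;
    }

    // Hypothetical helper modelling only the ownership check quoted from refund:
    // the address stored at the supplied index must be the caller.
    function wouldPassRefundCheck(uint256 playerIndex, address caller) public view returns (bool) {
        return playerIndex < players.length && players[playerIndex] == caller;
    }

    // True when the lookup gives `outsider` the same answer as the real first player.
    function isAmbiguous(address outsider) external view returns (bool) {
        if (players.length == 0 || players[0] == outsider) return false;
        return getActivePlayerIndex(outsider) == getActivePlayerIndex(players[0]);
    }

    // A non-player receives index 0 from the lookup, yet the ownership check
    // compares players[0] with the caller, so this is false for any non-player.
    function outsiderPassesRefundCheck(address outsider) external view returns (bool) {
        return wouldPassRefundCheck(getActivePlayerIndex(outsider), outsider);
    }

    // Unambiguous variant: an explicit flag instead of an in-band sentinel.
    function findPlayer(address player) external view returns (bool found, uint256 index) {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == player) return (true, i);
        }
        return (false, 0);
    }
}
```

For any address outside the array, `isAmbiguous` returns true while `outsiderPassesRefundCheck` returns false, which is the combination the Impact section describes.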

Tools Used

Reading the code

Recommendations

- function getActivePlayerIndex(address player) external view returns (uint256) {
- for (uint256 i = 0; i < players.length; i++) {
- if (players[i] == player) {
- return i;
- }
- }
- return 0;
- }
+ function getActivePlayerIndex(address player) external view returns (uint256) {
+ for (uint256 i = 0; i < players.length; i++) {
+ if (players[i] == player) {
+ return i;
+ }
+ }
+ return 2**256 - 1;
+ }
Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

getActivePlayerIndex can say a player is both entered at slot 0 and inactive
