Submission Details
Severity: medium
Valid

Nested loop checks can lead to a Denial of Service attack

Summary

The nested loop that checks for duplicate players in the PuppyRaffle::enterRaffle function can potentially lead to a Denial of Service attack.

Vulnerability Details

If the players array becomes too large, the gas required to execute this function could exceed the block gas limit.

Impact

This limitation can prevent legitimate users from participating in the raffle.

Tools Used

Foundry

Recommendations

Instead of checking arrays in a nested loop, we should use a mapping to check for duplicates when entering the raffle.

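    // Tracks which addresses have already entered (state variable the check below relies on).
    mapping(address => bool) public playerParticipating;

    function enterRaffle(address[] memory newPlayers) public payable {
        require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
        for (uint256 i = 0; i < newPlayers.length; i++) {
            // One mapping lookup per new player replaces the nested loop over the array.
            if (!playerParticipating[newPlayers[i]]) {
                players.push(newPlayers[i]);
                playerParticipating[newPlayers[i]] = true;
            } else {
                revert("PuppyRaffle: Duplicate player");
            }
        }
        emit RaffleEnter(newPlayers);
    }
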
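To see the gas difference the finding describes, the following added example (not code from PuppyRaffle or from the submission) puts both duplicate-check strategies in one contract and measures them. The contract name, enterNested, enterMapped and measure are hypothetical, and the nested loop is an assumed shape, since the page describes that check without showing it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Constructed comparison contract (not PuppyRaffle itself): the same entry
// logic with the two duplicate-check strategies discussed in the finding.
contract DuplicateCheckGas {
    address[] public nestedPlayers; // checked with a nested loop
    address[] public mappedPlayers; // checked with a mapping
    mapping(address => bool) public playerParticipating;

    // Assumed shape of the nested check: every pair of stored players is
    // compared on each call, so cost grows with the square of the array length.
    function enterNested(address[] memory newPlayers) public {
        for (uint256 i = 0; i < newPlayers.length; i++) {
            nestedPlayers.push(newPlayers[i]);
        }
        for (uint256 i = 0; i + 1 < nestedPlayers.length; i++) {
            for (uint256 j = i + 1; j < nestedPlayers.length; j++) {
                require(nestedPlayers[i] != nestedPlayers[j], "Duplicate player");
            }
        }
    }

    // Mapping check from the recommendation: one storage lookup per new player.
    function enterMapped(address[] memory newPlayers) public {
        for (uint256 i = 0; i < newPlayers.length; i++) {
            require(!playerParticipating[newPlayers[i]], "Duplicate player");
            playerParticipating[newPlayers[i]] = true;
            mappedPlayers.push(newPlayers[i]);
        }
    }

    // Gas used by the last of `batches` batches of `size` fresh addresses.
    function measure(uint256 batches, uint256 size) external
        returns (uint256 nestedGas, uint256 mappedGas) {
        uint256 base = nestedPlayers.length; // keeps addresses unique across calls
        for (uint256 b = 0; b < batches; b++) {
            address[] memory batch = new address[](size);
            for (uint256 k = 0; k < size; k++) {
                batch[k] = address(uint160(base + b * size + k + 1));
            }
            uint256 g = gasleft();
            enterNested(batch);
            nestedGas = g - gasleft();
            g = gasleft();
            enterMapped(batch);
            mappedGas = g - gasleft();
        }
    }
}
```

Calling measure from a local Foundry or Remix test with an increasing number of batches shows nestedGas rising with every batch already stored, while mappedGas depends only on the size of the batch being entered.
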
Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

denial-of-service-in-enter-raffle
