`PuppyRaffle::selectWinner` function dangerous uint64 cast which can cause `PuppuRaffle::withdrawFees` malfunction
Summary
The PuppyRaffle::selectWinner function accumulates fee in PuppyRaffle::totalFees variable. The problem is we cast fee which is a uint256 in a uint64, therefore if the value of fee is higher than 2**64-1 a big portion of the fees will not be accumulated in PuppyRaffle::totalFees variable and make the function PuppyRaffle:withdrawFees malfunction forever.
Vulnerability Details
The function PuppyRaffle::withdrawFees which has a require such as
will never be fulfilled if we truncated a portion of the fee.
This is likely to happen if
which mean
depending on value of entraceFee it means this condition will be satisfied if
If this scenario happen we will always have in PuppyRaffle::withdrawFees function this
therefore this function will always revert and the fees will be lost forever in the smart contract.
Impact
If the game is popular and there are lots of player this is likely to happen and the consequences is lost of funds therefore it is a high vulnerability
Tools Used
reading the code
Recommendations
Lead Judging Commences
greifers-send-money-to-contract-to-block-withdrawfees
unsafe cast of fee to uint64
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.