Check for duplicates on enter raffle loops within a loop making it vulnerable to a gas griefing attack.
Summary
In PuppyRaffle::enterRaffle function, we loop within another loop to check for duplicates in the player array. The dangerous part about this is that, the length of the players array is user modifiable ergo.
Vulnerability Details
This is prone to a dos attack by gas griefing whereby new players can't enter the raffle because of the exhorbitantly high gas required if a user decides to over populate the players array by entering the raffle very many times.
Impact
This is prone to a dos attack by gas griefing whereby new players can't enter the raffle because of the exhorbitantly high gas required if a user decides to over populate the players array by entering the raffle very many times.
Tools Used
Manual audit
Recommendations
switch from using an array to keep track of the players of the current raffle to using a mapping or better yet, an OpenZeppelin EnumerableMap, or EnumerableSet. With these data types, entries can be checked for existence in constant time (O(1)).
Lead Judging Commences
denial-of-service-in-enter-raffle
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.