Beginner Friendly, Foundry, NFT
Submission Details
Severity: low
Valid

The return value of `PuppyRaffle::getActivePlayerIndex` can be misleading for the first player in `PuppyRaffle::players`.

Summary

The function documentation says that the function returns 0 when the player we're searching for is not an active player.

Vulnerability Details

This does not account for the fact that the player we're searching for might be at index 0 of `PuppyRaffle::players`.

Impact

This leads the first player in the raffle to believe they are not part of the current raffle. Assuming the main reason for calling this function is to request a refund, the player is led to think his funds are locked up in the contract, since he can't recall them because "he isn't an active player in the current raffle", which is false.

Tools Used

Manual Review

Recommendations

Use a less ambiguous number to represent that a matching result wasn't found, for example `type(uint256).max`. This number is suitable because it is so large that `PuppyRaffle::players` can reasonably be expected never to reach this size.
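The ambiguity and the recommended sentinel, side by side, as an added example that is not the PuppyRaffle source. It assumes the lookup is a linear scan over `players` that falls through to `return 0`; the contract name, `enter`, `NOT_FOUND`, `getActivePlayerIndexFixed`, `demo` and the `^0.8.0` pragma are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler range for this illustration

// Minimal stand-in for the lookup described in the finding (not the audited code).
contract RaffleLookupDemo {
    address[] public players;

    // Sentinel from the Recommendations section: no real slot can hold this index.
    uint256 public constant NOT_FOUND = type(uint256).max;

    // Hypothetical helper that registers a player without any payment logic.
    function enter(address player) external {
        players.push(player);
    }

    // Ambiguous form: 0 means both "found at index 0" and "not an active player".
    function getActivePlayerIndex(address player) public view returns (uint256) {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == player) return i;
        }
        return 0;
    }

    // Hardened form: a miss is reported with a value that is never a valid index.
    function getActivePlayerIndexFixed(address player) public view returns (uint256) {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == player) return i;
        }
        return NOT_FOUND;
    }

    // Registers `first`, then compares lookups for `first` and an unregistered address.
    // `ambiguous` is true when the original form cannot tell the two apart;
    // `resolved` is true when the sentinel form can.
    function demo(address first, address stranger)
        external
        returns (bool ambiguous, bool resolved)
    {
        require(first != stranger, "addresses must differ");
        require(players.length == 0, "run on a fresh instance");
        players.push(first);
        ambiguous = getActivePlayerIndex(first) == getActivePlayerIndex(stranger);
        resolved = getActivePlayerIndexFixed(first) != getActivePlayerIndexFixed(stranger);
    }
}
```

Callers of the hardened form must compare the result against `NOT_FOUND` before using it as an array index.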

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

getActivePlayerIndex can say a player is both entered at slot 0 and inactive
