Severity: high
Valid

The calculation of `totalAmountCollected` did not take refund into account

Summary

The calculation of totalAmountCollected did not take refund into account

Vulnerability Details

If someone refunds, the balance of PuppyRaffle is smaller than prizePool. The balance of PuppyRaffle is then not enough to pay the prize to the winner. The selectWinner() function will always revert.

Impact

The selectWinner() function will freeze.

Tools Used

manual
foundry

POC

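```solidity
function testSelectWinnerFailWhenSomeoneRefund() public playersEntered {
    // playerFour refunds their entry before the raffle ends
    vm.startPrank(playerFour);
    uint256 playerIndex = puppyRaffle.getActivePlayerIndex(playerFour);
    puppyRaffle.refund(playerIndex);
    vm.stopPrank();

    // move past the raffle duration so selectWinner() may be called
    vm.warp(block.timestamp + duration + 1);
    vm.roll(block.number + 1);

    // the contract balance no longer covers the prize, so the call reverts
    vm.expectRevert();
    puppyRaffle.selectWinner();
}
```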

Recommendations

Change the calculation of totalAmountCollected so that it takes refunds into account.
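One way to apply this recommendation, shown as an added sketch that is not PuppyRaffle's source code: the naive calculation next to a version that counts only entries whose fee the contract still holds. The contract name, function names, the `activePlayers` counter and the 80% prize share are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only; names and the 80% prize share are assumptions.
contract RaffleAccountingSketch {
    uint256 public immutable entranceFee;
    address[] public players;     // refunded slots are zeroed, never removed
    uint256 public activePlayers; // entries whose fee is still in the contract

    constructor(uint256 fee) {
        entranceFee = fee;
    }

    function enter() external payable {
        require(msg.value == entranceFee, "wrong fee");
        players.push(msg.sender);
        activePlayers++;
    }

    function refund(uint256 index) external {
        require(players[index] == msg.sender, "not your entry");
        // State is updated before the external call (checks-effects-interactions).
        players[index] = address(0); // the slot stays, so players.length is unchanged
        activePlayers--;
        (bool ok,) = msg.sender.call{value: entranceFee}("");
        require(ok, "refund failed");
    }

    // Pattern described in the finding: refunded slots are counted as paid entries.
    function naivePrizePool() public view returns (uint256) {
        uint256 totalAmountCollected = players.length * entranceFee;
        return (totalAmountCollected * 80) / 100;
    }

    // Hardened form: only fees that were not refunded are counted.
    function prizePool() public view returns (uint256) {
        uint256 totalAmountCollected = activePlayers * entranceFee;
        return (totalAmountCollected * 80) / 100;
    }

    // True when the contract balance can cover the given payout.
    function canCover(uint256 payout) public view returns (bool) {
        return address(this).balance >= payout;
    }
}
```

Under the assumed 80% share, four entries followed by one refund leave three entrance fees in the contract, while the naive prize pool is 3.2 entrance fees, so a transfer of that amount cannot succeed.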

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

refund-doesnt-reduce-players-array-size-causing-protocol-to-freeze

zero address can win the raffle

Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High
