The withdrawFees function in the smart contract contains a denial of service (DoS) vulnerability caused by a strict equality check between the contract's ether balance and the accumulated fees (totalFees). The check, `require(address(this).balance == uint256(totalFees), ...)`, makes the function revert permanently as soon as the contract's balance exceeds totalFees, which any external party can bring about. A malicious actor can therefore block every legitimate call to withdrawFees.
The vulnerability arises from the require statement in withdrawFees, which demands that the contract's balance exactly equal the totalFees variable. This is unsafe because address(this).balance is not under the contract's control: ether can be forced into any address without invoking its code, for example through a selfdestruct that names the contract as the recipient, by setting the address as a block's coinbase, or by sending ether to the address before the contract is deployed. Once the balance is even 1 wei above totalFees, the equality can never hold again (fees only ever add equal amounts to both sides), so withdrawFees reverts on every call and is effectively unusable.
A successful attack locks the accumulated fees in the contract and disrupts its intended operation. The attacker's cost is only gas plus the dust amount forced in, the contract has no way to refuse the deposit, and unless another withdrawal path exists the fees remain stuck permanently.
Manual analysis
Modify the function to calculate the amount of fees to withdraw from the totalFees variable alone, without relying on address(this).balance. If excess ether must be recoverable, add a separate sweep that pays out address(this).balance - totalFees rather than tying withdrawal of fees to an equality on the balance.
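The following is an added illustration of the pattern and the recommended fix; it is not the audited contract. The contract and function names (FeeVaultVulnerable, FeeVaultFixed, payFee, sweepExcess, ForceSend), the owner check and the uint128 type of totalFees (chosen to match the uint256 cast in the finding) are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Vulnerable pattern from the finding (hypothetical contract, not the audited
// code): the strict equality makes withdrawFees revert forever once the
// balance exceeds totalFees.
contract FeeVaultVulnerable {
    address public immutable owner;
    uint128 public totalFees; // accumulated fees in wei (assumed narrower type)

    constructor() { owner = msg.sender; }

    // Assumed fee entry point: every wei received is booked as a fee,
    // so balance == totalFees holds until ether arrives another way.
    function payFee() external payable {
        totalFees += uint128(msg.value);
    }

    function withdrawFees() external {
        require(msg.sender == owner, "not owner");
        // DoS: forced ether (selfdestruct, coinbase reward, pre-funding the
        // address before deployment) breaks this equality permanently.
        require(address(this).balance == uint256(totalFees), "balance mismatch");
        uint256 amount = totalFees;
        totalFees = 0;
        (bool ok, ) = owner.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Attacker helper: deploy with msg.value = 1 wei and the vault as target.
// selfdestruct in the creating transaction still transfers the balance after
// EIP-6780, and the target's code is not executed, so it cannot refuse.
contract ForceSend {
    constructor(address payable target) payable {
        selfdestruct(target);
    }
}

// Hardened version: pay out what internal accounting says is owed and never
// require equality with address(this).balance.
contract FeeVaultFixed {
    address public immutable owner;
    uint128 public totalFees;

    constructor() { owner = msg.sender; }

    function payFee() external payable {
        totalFees += uint128(msg.value);
    }

    function withdrawFees() external {
        require(msg.sender == owner, "not owner");
        uint256 amount = totalFees;
        require(amount > 0, "nothing to withdraw");
        totalFees = 0; // effects before the external call
        (bool ok, ) = owner.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Recover ether that arrived outside the fee path instead of stranding it.
    // balance >= totalFees always holds here, so the subtraction cannot revert.
    function sweepExcess() external {
        require(msg.sender == owner, "not owner");
        uint256 excess = address(this).balance - totalFees;
        require(excess > 0, "no excess");
        (bool ok, ) = owner.call{value: excess}("");
        require(ok, "transfer failed");
    }
}
```

Deploying ForceSend against FeeVaultVulnerable with 1 wei is enough to make every subsequent withdrawFees call revert with "balance mismatch"; the same transaction against FeeVaultFixed has no effect on withdrawFees, and the stray wei can be retrieved through sweepExcess.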