Submission Details
Severity: high
Invalid

`sendValue()` function not checked for return bool in `PuppyRaffle` contract

Summary

The `refund()` function in the `PuppyRaffle` contract does not check the return value of the `sendValue()` function. This means that it is possible for the `sendValue()` function to fail and the contract to still set the player's address to `address(0)`.

Vulnerability Details

The `refund()` function sends the player's entrance fee back to the player using the `sendValue()` function. The `sendValue()` function returns a boolean value indicating whether the transfer was successful. However, the `refund()` function does not check the return value of the `sendValue()` function. This means that it is possible for the `sendValue()` function to fail and the contract to still set the player's address to `address(0)`.

Impact

The contract may not respond to or account for cases where the transfer fails, such as due to out-of-gas errors or an invalid destination address. This can result in Ether being stuck or unaccounted for, potentially affecting the contract's functionality and user experience.

Tools Used

Manual analysis

Recommendations

The `refund()` function should check the return value of the `sendValue()` function and revert the transaction if the transfer fails.

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
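
Added example (not part of the submission, and not PuppyRaffle or library source): the two transfer behaviours that the return-value question turns on, side by side. `RefundSketch`, `RejectingPlayer`, `_sendValue` and `TransferFailed` are hypothetical names; which behaviour the audited contract's `sendValue()` has depends on the library it imports, which this page does not show.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical contracts, not PuppyRaffle or library source.
contract RefundSketch {
    mapping(address => uint256) public deposits;
    error TransferFailed(address to, uint256 amount);

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
    }

    // sendValue-style helper (assumed shape): no return value, reverts on failure.
    function _sendValue(address payable to, uint256 amount) internal {
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert TransferFailed(to, amount);
    }

    // Unchecked pattern: send() returns false on failure and the result is dropped,
    // so the balance entry is cleared even though no Ether left the contract.
    function refundUnchecked() external {
        uint256 amount = deposits[msg.sender];
        deposits[msg.sender] = 0;
        payable(msg.sender).send(amount); // compiler warns: failure condition ignored
    }

    // Reverting pattern: a failed transfer undoes the state change above it.
    function refundReverting() external {
        uint256 amount = deposits[msg.sender];
        deposits[msg.sender] = 0;
        _sendValue(payable(msg.sender), amount);
    }
}

// Constructed test player: has no receive()/fallback, so every transfer to it fails.
contract RejectingPlayer {
    RefundSketch public immutable raffle;
    constructor(RefundSketch r) { raffle = r; }
    function enter() external payable { raffle.deposit{value: msg.value}(); }
    // Succeeds; raffle.deposits(address(this)) becomes 0 and the Ether stays in raffle.
    function tryUnchecked() external { raffle.refundUnchecked(); }
    // Reverts with TransferFailed; raffle.deposits(address(this)) is unchanged.
    function tryReverting() external { raffle.refundReverting(); }
}
```

When reviewing a finding of this kind, check the signature of the transfer helper in the imported library first: a helper with no return value and an internal revert leaves nothing for the caller to check.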
