A sufficiently large size of players array might render the contract unusable
Summary
players is stored in address arrays, A very large arrays might cause enterRaffle function to always be unable to complete, causing Denial of Service for this contract.
This is also not necessarily malicious, an organic growth in the players array could also cause this to happen.
Vulnerability Details
enterRaffle loop through the address array to check for duplicates (using double loop). For a sufficiently large array, it is possible that this function might never complete (since the gas requirement is so large it might exceed the block's gas limit for example, or it could just be sufficiently expensive to economically deter anyone to enter the raffle)
Impact
After certain entries, user won't be able to enter raffle anymore
Malicious attacker could also use many different addresses to enter the raffle, lengthening the arrays artificially hence breaking the contract. although the entranceFee provide economic deterrent against doing this.
Tools Used
Foundry
Recommendations
consider other mechanisms of storing raffle entries like using mapping instead of arrays.
Lead Judging Commences
denial-of-service-in-enter-raffle
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.