Submission Details
Severity: medium
Valid

(M-1) Looping over unbounded arrays when checking for duplicates can cause denial of service (DoS) via gas limits

Summary

If there are many entrants to a raffle, looping over unbounded arrays to check for duplicate entries can cause DoS via gas limits. Raffle contract interactions such as entering a raffle could also become prohibitively expensive to perform.

Details

Each block in the Ethereum blockchain has a gas limit (currently 30 million gas). If there are many entrants to the raffle, and every single entry causes the enterRaffle function to run a nested loop over players.length when checking for duplicates, this could, in certain situations, exhaust the block gas limit and cause transactions to fail.

Filename

src/PuppyRaffle.sol

Permalinks

https://github.com/Cyfrin/2023-10-Puppy-Raffle/blob/07399f4d02520a2abf6f462c024842e495ca82e4/src/PuppyRaffle.sol#L86-L90

Impact

Transactions failing due to block gas limit being hit. Entering a raffle could be very expensive.
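
The cost growth described above can be measured with a Foundry test. This is an added example, not code from the submission or from the PuppyRaffle repository: RaffleModel is a hypothetical stand-in that contains only a nested duplicate check of the kind this finding describes, and the batch size of 100 is an arbitrary choice.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the duplicate check described in this finding;
// not the PuppyRaffle source.
contract RaffleModel {
    address[] public players;

    function enterRaffle(address[] memory newPlayers) external {
        for (uint256 i = 0; i < newPlayers.length; i++) {
            players.push(newPlayers[i]);
        }
        // Every call re-compares every stored pair: O(players.length^2).
        for (uint256 i = 0; i + 1 < players.length; i++) {
            for (uint256 j = i + 1; j < players.length; j++) {
                require(players[i] != players[j], "duplicate player");
            }
        }
    }
}

contract RaffleGasTest is Test {
    RaffleModel raffle = new RaffleModel();

    // Enter `count` fresh addresses starting after `offset`; return gas used.
    function _enterBatch(uint160 offset, uint256 count) internal returns (uint256) {
        address[] memory batch = new address[](count);
        for (uint256 i = 0; i < count; i++) {
            batch[i] = address(offset + uint160(i) + 1);
        }
        uint256 gasBefore = gasleft();
        raffle.enterRaffle(batch);
        return gasBefore - gasleft();
    }

    function test_entryCostGrowsWithExistingPlayers() public {
        uint256 first = _enterBatch(0, 100);
        uint256 second = _enterBatch(100, 100);
        emit log_named_uint("gas, players 1-100", first);
        emit log_named_uint("gas, players 101-200", second);
        // Same batch size, but the second call also rescans the first 100.
        assertGt(second, first);
    }
}
```

Running it with `forge test -vv` prints both gas figures, so the growth per batch can be compared against the block gas limit.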

Recommendations

Reconsider having code to check for duplicates. Even with this check in place, anyone can simply enter with another of their addresses, so the duplicate check is superfluous and easily worked around.

Tools Used

  • Manual Audit

  • Foundry

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

denial-of-service-in-enter-raffle
