Submission Details
Severity: low
Invalid

_isActivePlayer should be an external function, not internal, since it checks whether msg.sender is in the players array

Summary

_isActivePlayer is an internal function so it can only be called by this contract or contracts that inherit it, and it only checks whether msg.sender is in the players array. But because this function is internal and not called by any other functions in the contract, the only address that could be msg.sender is this contract, and this contract isn't gonna be a player in the lottery.

Vulnerability Details

    function _isActivePlayer() internal view returns (bool) {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == msg.sender) {
                return true;
            }
        }
        return false;
    }

Impact

This function serves no purpose in its current state. No active players can actually call it. If the purpose is for someone to be able to confirm they are in the current lottery, it should be an external function.

Tools Used

Manual review

Recommendations

Make it an external function. It does have a purpose in allowing people to confirm they have been entered in the lottery.

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
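
Added example, not part of the submission or of the audited code base: a minimal contract showing how msg.sender resolves when the loop from the submission is reached through an internal call versus an external self-call, and what an externally callable membership check looks like. The contract name, enter() and both wrapper functions are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical demo contract; only the body of _isActivePlayer() is taken
// from the snippet quoted in the submission.
contract RaffleVisibilityDemo {
    address[] public players;

    // Simplified entry with no fee or duplicate check (assumption).
    function enter() external {
        players.push(msg.sender);
    }

    // Same body as the function quoted in the submission.
    function _isActivePlayer() internal view returns (bool) {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == msg.sender) {
                return true;
            }
        }
        return false;
    }

    // External entry point for a membership check. The internal call is a
    // jump inside the same execution context, so msg.sender inside
    // _isActivePlayer() is still the account that called amIActive().
    function amIActive() external view returns (bool) {
        return _isActivePlayer();
    }

    // this.f() is a real message call (a STATICCALL here, since the target
    // is view). Inside the callee msg.sender is address(this), so the loop
    // compares the players against the contract's own address.
    function amIActiveViaSelfCall() external view returns (bool) {
        return this.amIActive();
    }
}
```

For an account that has called enter(), amIActive() returns true, while amIActiveViaSelfCall() returns false unless the contract's own address is in players.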
