There was no proper check on the array length in enterRaffle(), which could lead to a DOS attack on the system. The address was also not checked, so address(0) could mistakenly be included.
The vulnerability in the contract is rooted in the lack of proper checks within the enterRaffle() function. Specifically, there are two main issues:
Unbounded Array Length: The function doesn't check the length of the players array, which means anyone can keep entering the raffle, potentially leading to an unbounded array size. This can result in high gas costs or even denial-of-service (DOS) attacks as the array grows uncontrollably.
Address Check: The contract also lacks validation for the player's address. Without address validation, address(0) (an empty or null address) can be included in the list of players. This can lead to unexpected behaviour and security issues.
The unbounded array length issue can result in excessive gas costs and make the contract susceptible to DOS attacks. An attacker could keep entering the raffle with multiple addresses, causing the players array to grow uncontrollably.
The absence of address validation could lead to unexpected behavior, and the inclusion of address(0) might have unintended consequences in other parts of the contract.
Manual
To address the unbounded array length issue, the enterRaffle() function should include a check to ensure that the number of players does not exceed a reasonable limit. This helps prevent excessive gas costs and DOS attacks.
Address validation checks should also be added to ensure that only valid and non-empty addresses are allowed to enter the raffle. These measures will improve the security and predictability of the contract's behavior.
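A sketch of both recommended checks applied to enterRaffle(), added here as an illustration and not taken from the audited contract. The contract name, `MAX_PLAYERS`, `entranceFee`, the `newPlayers` parameter and the custom errors are assumptions; only `enterRaffle()` and the `players` array are named in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract (hypothetical names), not the audited code.
contract BoundedRaffle {
    // Assumed cap: choose a value that keeps any loop over `players`
    // comfortably inside the block gas limit.
    uint256 public constant MAX_PLAYERS = 100;
    uint256 public immutable entranceFee; // assumed per-player fee
    address[] public players;

    error RaffleFull(uint256 requested, uint256 remaining);
    error WrongPayment(uint256 sent, uint256 required);
    error ZeroAddressPlayer(uint256 index);

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
    }

    function enterRaffle(address[] calldata newPlayers) external payable {
        uint256 count = newPlayers.length;
        // players.length never exceeds MAX_PLAYERS, so this cannot underflow.
        uint256 remaining = MAX_PLAYERS - players.length;

        // Length check: reject the whole batch before any storage write,
        // so the array can never grow past the cap.
        if (count > remaining) revert RaffleFull(count, remaining);

        uint256 required = entranceFee * count;
        if (msg.value != required) revert WrongPayment(msg.value, required);

        for (uint256 i = 0; i < count; ++i) {
            // Address check: address(0) must never be stored as a player.
            if (newPlayers[i] == address(0)) revert ZeroAddressPlayer(i);
            players.push(newPlayers[i]);
        }
    }

    function playerCount() external view returns (uint256) {
        return players.length;
    }
}
```

Because a revert rolls back the entire call, a batch containing a single address(0) entry leaves `players` unchanged.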