Submission Details
Severity: high
Valid

Check `players.length >= 4` is not correct

Summary

Check `players.length >= 4` is not correct

Vulnerability Details

```solidity
require(players.length >= 4, "PuppyRaffle: Need at least 4 players");
```

This statement requires at least 4 players to participate, but what if some of them were refunded before?
In that case `players.length` does not change, but the refunded player's entry in that array is no longer active.
So the logic of the raffle will be wrong.

Impact

Example: if the player at index 3 has refunded but, with this logic, is the winner, the winning prize will be sent to `address(0)`, so the prize will be lost forever.
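
The bookkeeping behind this finding, as an added example that is not the PuppyRaffle source: `RaffleModel` and every function name in it are hypothetical, payments and winner selection are left out, and the refund is assumed to zero the slot as the report describes. It puts that refund next to a swap-and-pop refund that keeps `players.length` equal to the number of active players.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed model for illustration only; no ETH handling, no draw.
contract RaffleModel {
    address[] public players;

    function enter() external {
        players.push(msg.sender);
    }

    /// Refund as described in the report (assumption): the slot is zeroed,
    /// the array keeps its length.
    function refundZeroing(uint256 index) external {
        require(players[index] == msg.sender, "not your entry");
        players[index] = address(0);
    }

    /// Alternative refund: move the last entry into the slot and pop,
    /// so no address(0) entry is ever left behind.
    function refundSwapAndPop(uint256 index) external {
        require(players[index] == msg.sender, "not your entry");
        players[index] = players[players.length - 1];
        players.pop();
    }

    /// The check quoted in the report: refunded slots still count.
    function passesLengthCheck() external view returns (bool) {
        return players.length >= 4;
    }

    /// Entries that could actually receive a prize.
    function activePlayers() external view returns (uint256 count) {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] != address(0)) count++;
        }
    }

    /// True when a draw landing on `index` would pay address(0).
    function isDeadSlot(uint256 index) external view returns (bool) {
        return players[index] == address(0);
    }
}
```

With four entrants and one `refundZeroing` call, `passesLengthCheck()` still returns true while `activePlayers()` returns 3 and the refunded index reports as a dead slot; with `refundSwapAndPop` the length drops to 3 and the check fails as intended.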

Tools Used

Manual
Foundry

Recommendations

- require(players.length >= 4, "PuppyRaffle: Need at least 4 players");
+ uint256 numberActivePlayer;
+ for (uint256 i = 0; i < players.length; i++) {
+ if (players[i] != address(0)) {
+ numberActivePlayer++;
+ }
+ }
+ require(numberActivePlayer >= 4, "PuppyRaffle: Need at least 4 active players");
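
Review bot: the new `require(numberActivePlayer >= 4, ...)` only gates the draw on the count of non-zero entries; nothing in this change keeps a refunded `address(0)` slot in `players` from being picked as the winner, which is the loss the Impact section describes. Consider removing the entry at refund time (swap with the last element and pop) so that `players.length` is itself the active count and the original one-line check becomes correct. That would also avoid the added loop over the whole `players` array on every draw, whose cost grows with the number of entrants.
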
Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

refund-doesnt-reduce-players-array-size-causing-protocol-to-freeze

zero address can win the raffle

Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High
