Beginner Friendly, Foundry, NFT
Submission Details
Severity: medium
Valid

Possible DoS Attack Risk In withdrawFees() Function

Summary

Possible DoS Attack Risk In withdrawFees() Function

Vulnerability Details

The withdrawFees() function does not check whether feeAddress is the zero address, which is a valid Ethereum address. If the function is called while feeAddress is the zero address, it will attempt to send the fees to the zero address, which is not possible because the zero address does not have a balance.

Impact

Let's say an attacker wants to disrupt the withdrawFees() function. The attacker could call the changeFeeAddress() function with the zero address as the new fee address. The withdrawFees() function will then attempt to send the fees to the zero address, causing the call to fail and consume all the gas available for the transaction.

Tools Used

Remix, Foundry, PhindAI

Recommendations

To mitigate this issue, the withdrawFees() function should check whether feeAddress is the zero address before attempting to send the fees.
This can be done with a require statement using the condition:

feeAddress != address(0)

This check ensures that the function does not proceed if the feeAddress is the zero address.

Here is the withdrawFees() function modified to include this check:

function withdrawFees() external {
    // New guard: refuse to send fees to the zero address.
    require(feeAddress != address(0), "PuppyRaffle: Invalid fee address");
    // Existing check: the contract balance must equal the accrued fees.
    require(address(this).balance == uint256(totalFees), "PuppyRaffle: Incorrect balance");
    payable(feeAddress).transfer(address(this).balance);
    totalFees = 0;
    emit FeesWithdrawn(feeAddress);
}
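A Foundry test for the recommended version, as an added example (not the submission's or the PuppyRaffle project's own test). It assumes a minimal stand-in contract named FeeVault that carries only the feeAddress, totalFees, changeFeeAddress() and withdrawFees() members the finding refers to, plus a constructed collectFee() helper to fund it, so it runs offline with `forge test`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Minimal stand-in for the raffle contract (an assumption, not the project's code):
// only the state and functions the finding discusses.
contract FeeVault {
    address public feeAddress;
    uint64 public totalFees;
    event FeesWithdrawn(address indexed feeAddress);
    constructor(address _feeAddress) { feeAddress = _feeAddress; }
    // Left unrestricted to keep the example short; the real contract gates this with onlyOwner.
    function changeFeeAddress(address newFeeAddress) external { feeAddress = newFeeAddress; }
    // Constructed helper standing in for fees accruing from raffle entries.
    function collectFee() external payable { totalFees += uint64(msg.value); }
    // The recommended withdrawFees(), with the zero-address guard in front.
    function withdrawFees() external {
        require(feeAddress != address(0), "PuppyRaffle: Invalid fee address");
        require(address(this).balance == uint256(totalFees), "PuppyRaffle: Incorrect balance");
        payable(feeAddress).transfer(address(this).balance);
        totalFees = 0;
        emit FeesWithdrawn(feeAddress);
    }
}

contract WithdrawFeesTest is Test {
    FeeVault vault;
    address feeRecipient = makeAddr("feeRecipient");

    function setUp() public {
        vault = new FeeVault(feeRecipient);
        vault.collectFee{value: 1 ether}(); // constructed sample: 1 ETH of accrued fees
    }

    // After the fee address is set to zero, withdrawFees() must revert on the new guard.
    function testRevertsWhenFeeAddressIsZero() public {
        vault.changeFeeAddress(address(0));
        vm.expectRevert(bytes("PuppyRaffle: Invalid fee address"));
        vault.withdrawFees();
    }

    // With a valid fee address the withdrawal still goes through as before.
    function testWithdrawsToValidFeeAddress() public {
        vault.withdrawFees();
        assertEq(feeRecipient.balance, 1 ether);
        assertEq(vault.totalFees(), 0);
    }
}
```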

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

greifers-send-money-to-contract-to-block-withdrawfees
