First Flight #2: Puppy Raffle
First Flight #2
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Lack of address(0) will enforce the msg.sender to pay more.

timenov

Summary

newPlayers array can contain address(0) which will make the user pay more to bypass this require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");

Vulnerability Details

In the payable function enterRaffle we have 1 parameter which is address[] memory newPlayers. The first line of the function is require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");. If there is an address(0) in the array the user will have to pay more eth to bypass the require.

Impact

Enforce the user to may more than he should.

Tools Used

Manual Review, Foundry

Proof of Concept

Added the following test case:

function testCantEnterRaffleWithAddressZero() public {
address[] memory players = new address[](3);
players[0] = playerOne;
players[1] = address(0);
players[2] = playerTwo;
uint256 entranceFeeForTwoPlayers = entranceFee * 2;
puppyRaffle.enterRaffle{value: entranceFeeForTwoPlayers}(players);
assertEq(puppyRaffle.players(0), playerOne);
}

Result:

[FAIL. Reason: PuppyRaffle: Must send enough to enter raffle] testCantEnterRaffleWithAddressZero() (gas: 19809)

Recommendations

Add address(0) check in the for loop

for (uint256 i = 0; i < newPlayers.length; i++) {
+ require(newPlayers[i] != address(0), "Address 0");
players.push(newPlayers[i]);
}
Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Zero address checks

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.