HIGH-5: The withdrawFees function compares the balance of the contract with the variable "totalFees". As stated in H-2 and highlighted in H-6 (rounding issues), these two values can easily become mismatched, which makes the withdrawFees function virtually useless and uncallable.
H-2 highlighted that the real contract balance is already mismatched with the totalFees value in cases when refund has been called or when the selectWinner function has not been called yet. This becomes a significant obstacle when withdrawing the fees, since the require statement will not allow the function to proceed further.
This can potentially block the "withdrawFees" function indefinitely.
Tools used: static analysis, local testing, mathematical proof.
Create a state boolean variable canWithdrawFees. It is "false" by default and is set to "true" at the end of the selectWinner function, indicating that there are fees to be collected. This boolean can then be used in the require statement of the "withdrawFees" function to check whether there are fees to withdraw, and is set back to "false" after the fees have been withdrawn.
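The following is an added illustration, not code from the audited contract or from the report author: a minimal raffle sketch (the contract name, the 20% fee split, the simplified winner selection and the feeAddress constructor argument are all assumptions) that reproduces the strict balance-equality check this finding describes, next to a withdrawFees guarded by the recommended canWithdrawFees flag.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Hypothetical raffle sketch used to demonstrate HIGH-5; it is not the audited
/// contract. Only the parts relevant to fee accounting are modelled.
contract RaffleFeesExample {
    uint256 public constant ENTRANCE_FEE = 1 ether;
    address public immutable feeAddress;
    address[] public players;
    uint256 public totalFees;      // protocol fees booked by selectWinner, in wei
    bool public canWithdrawFees;   // recommended flag: set by selectWinner, cleared by withdrawFees

    constructor(address _feeAddress) {
        feeAddress = _feeAddress;
    }

    function enterRaffle() external payable {
        require(msg.value == ENTRANCE_FEE, "wrong entrance fee");
        players.push(msg.sender);
    }

    /// Pays the winner and books 20% of the pot as protocol fees.
    /// Winner selection is deliberately simplified (first player); randomness is
    /// out of scope for this example.
    function selectWinner() external {
        require(players.length > 0, "no players");
        uint256 pot = players.length * ENTRANCE_FEE;
        uint256 fee = (pot * 20) / 100;
        uint256 prize = pot - fee;
        address winner = players[0];
        delete players;                 // state updated before the external call
        totalFees += fee;
        canWithdrawFees = true;         // fees are now ready for collection
        (bool ok,) = winner.call{value: prize}("");
        require(ok, "prize transfer failed");
    }

    /// VULNERABLE pattern (as described in the finding): strict equality between
    /// the raw contract balance and totalFees. ETH from players who entered a new
    /// round after the last selectWinner, or any mismatch caused by refunds or
    /// rounding, makes this require fail, so the booked fees are stuck.
    function withdrawFeesVulnerable() external {
        require(address(this).balance == totalFees, "players active");
        uint256 amount = totalFees;
        totalFees = 0;
        (bool ok,) = feeAddress.call{value: amount}("");
        require(ok, "fee transfer failed");
    }

    /// HARDENED per the recommendation: gate on the flag that selectWinner sets,
    /// send only the booked amount, and reset the flag afterwards. Extra ETH held
    /// for the next round no longer blocks the withdrawal.
    function withdrawFees() external {
        require(canWithdrawFees, "no fees to withdraw");
        uint256 amount = totalFees;
        totalFees = 0;
        canWithdrawFees = false;        // stays false until the next selectWinner
        (bool ok,) = feeAddress.call{value: amount}("");
        require(ok, "fee transfer failed");
    }
}
```

A local test that reproduces the issue: one player enters and selectWinner runs (totalFees is now 0.2 ether), then a second player enters the next round. The contract balance is 1.2 ether while totalFees is 0.2 ether, so withdrawFeesVulnerable reverts with "players active", whereas withdrawFees succeeds because it relies on the flag and the booked amount rather than on the balance. Both functions update state before the external call, so the fix does not reintroduce a reentrancy path.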