First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Reentrancy Attack on `refund` and `selectWinner` Functions

emanherawy

Summary

The refund and selectWinner functions in the PuppyRaffle smart contract are susceptible to reentrancy attacks. These functions make external calls to transfer funds and update the contract's state. As a result, an attacker can exploit this vulnerability to repeatedly call these functions before the state updates, potentially draining the contract of funds or selecting a winner multiple times.

Vulnerability Details

The vulnerability arises from the fact that external calls are made to transfer funds before state changes occur. This allows an attacker to perform the following steps:

For `refund` function

The attacker calls the refund function.
The attacker's address, if malicious, can contain another smart contract with a fallback function that calls the refund function again. This creates a reentrancy loop.
Within this reentrancy loop, the attacker's malicious contract can repeatedly call the refund function, potentially draining the contract of funds

For `selectWinner` function

The attacker calls the selectWinner function when the calculated winnerIndex is equal to an a malicious address that the attacker controls & contain another smart contract with a fallback function that calls the selectWinner functions again. This creates a reentrancy loop. and drain the contract of funds

Impact

High: An attacker can exploit this vulnerability to drain the contract of funds, which can lead to significant financial loss for the contract. Additionally, the attacker can manipulate the winner selection process, resulting in unfair outcomes.

Tools Used

Manual review of the smart contract code.

Recommendations

To mitigate the reentrancy vulnerability in the refund and selectWinner functions, consider the following recommendations:

Implement the Checks-Effects-Interactions Pattern: Ensure that external calls and state changes occur in the correct order. Specifically, make state changes before interacting with external contracts. This pattern can help prevent reentrancy attacks.
Use the ReentrancyGuard: You can use the ReentrancyGuard contract like OpenZeppelin's Contracts library, which provides a reusable solution to protect against reentrancy attacks. This contract adds a modifier to functions that require protection from reentrancy.

By implementing these recommendations, you can significantly reduce the risk of reentrancy attacks in the PuppyRaffle smart contract, enhancing its security and reliability.

Checks-Effects-Interactions Pattern

Reentrancy Guard (OpenZeppelin)

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

reentrancy-in-refund

reentrancy in refund() function

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.