First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

No Event Emitted in enterRaffle() Function on Player Multi-Entry Into Raffle

yeahchibyke

Summary

No Event Emitted in enterRaffle() Function on Player Multi-Entry Into Raffle

Vulnerability Details

The enterRaffle() function in the original smart contract does not emit an event when a player tries to enter the raffle multiple times. This is a bug because it could make it difficult for users and developers to track the behavior of the contract and detect any potential issues.

Impact

Let's say a user tries to enter the raffle multiple times with the same address. The enterRaffle() function will allow this and add the address to the players array multiple times. However, because the function does not emit an event when a duplicate is found, the user will not be notified that they are trying to enter the raffle multiple times. This could potentially lead to confusion and misunderstanding.

Tools Used

Remix, PhindAI, Foundry

Recommendations

To mitigate this issue, the enterRaffle() function should emit an event when a player tries to enter the raffle multiple times. This can be done by adding an emit statement in the function. Here's an example of how this could be done:

event RaffleEnter(address indexed player, bool duplicate);

function enterRaffle(address[] memory newPlayers) public payable {

require(msg.value == (newPlayers.length * entranceFee), "PuppyRaffle: Incorrect amount of Ether provided");

for (uint256 i = 0; i < newPlayers.length; i++) {

bool isDuplicate = false;

for (uint256 j = 0; j < players.length; j++) {

if (players[j] == newPlayers[i]) {

isDuplicate = true;

break;

}

if (!isDuplicate) {

players.push(newPlayers[i]);

}

emit RaffleEnter(newPlayers[i], isDuplicate);

}

In this modified version of the enterRaffle() function, the function emits a RaffleEnter event for each address in the newPlayers array. The event includes the address of the player and a boolean indicating whether the address is a duplicate. This provides feedback to the user that they are trying to enter the raffle multiple times and makes the contract's behavior more transparent and easier to track.

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

events are missing or not detailed enough

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.