Submission Details
Severity: high
Valid

`refund()` reentrancy risk.

Summary

`refund()` is exposed to reentrancy because it sends the refund before clearing the player's slot. Update the `players[playerIndex]` state before sending the refund fee.

Vulnerability Details

File: PuppyRaffle.sol

```solidity
function refund(uint256 playerIndex) public {
    address playerAddress = players[playerIndex];
    require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");
    require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active");

    // The external call runs while players[playerIndex] still holds the caller's address
    payable(msg.sender).sendValue(entranceFee); // @audit: malicious actor can re-enter into `refund()` to siphon all entrance fee

    players[playerIndex] = address(0);
    emit RaffleRefunded(playerAddress);
}
```

Impact

A malicious actor can re-enter `refund()` to siphon all entrance fees held in the contract.

Tools Used

Manual review

Recommendations

Update the state before sending the fee to prevent the reentrancy attack.

File: PuppyRaffle.sol

```solidity
function refund(uint256 playerIndex) public {
    address playerAddress = players[playerIndex];
    require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");
    require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active");

    players[playerIndex] = address(0); // @recommendation: update state change before sending entrance fee
    payable(msg.sender).sendValue(entranceFee);

    emit RaffleRefunded(playerAddress);
}
```

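
The effect of the two orderings can be checked with a small Python model, added here as an example; it is not PuppyRaffle's code and not part of the original submission. `Raffle`, `ReenteringRecipient`, `refunded_amount` and the unit fee are constructed for illustration, and the recipient's `on_receive` callback stands in for a contract's receive hook that ignores a failed nested call.

```python
# Constructed model of the refund() ordering shown above; not the contract's code.
ENTRANCE_FEE = 1  # constructed unit fee

class Revert(Exception):
    """Models a failed require() or a failed transfer."""

class Raffle:
    def __init__(self, players, state_first):
        self.players = list(players)
        self.balance = ENTRANCE_FEE * len(players)
        self.state_first = state_first  # True = recommended ordering

    def _send_value(self, to):
        if self.balance < ENTRANCE_FEE:
            raise Revert("insufficient balance")
        self.balance -= ENTRANCE_FEE
        to.received += ENTRANCE_FEE
        to.on_receive(self)  # external call: control passes to the recipient

    def refund(self, sender, index):
        player = self.players[index]
        if player is not sender:
            raise Revert("Only the player can refund")
        if player is None:  # None stands in for address(0)
            raise Revert("Player already refunded, or is not active")
        if self.state_first:
            self.players[index] = None  # effect, then interaction
            self._send_value(sender)
        else:
            self._send_value(sender)  # interaction, then effect
            self.players[index] = None

class ReenteringRecipient:
    """Recipient whose receive hook calls refund() again for the same slot."""
    def __init__(self, index):
        self.index, self.received = index, 0

    def on_receive(self, raffle):
        if raffle.balance >= ENTRANCE_FEE:
            try:
                raffle.refund(self, self.index)
            except Revert:
                pass  # nested call was rejected; outer refund still completes

def refunded_amount(state_first, other_players=3):
    """Return (amount paid to the recipient, raffle balance left)."""
    r = ReenteringRecipient(index=0)
    raffle = Raffle([r] + [object() for _ in range(other_players)], state_first)
    raffle.refund(r, 0)
    return r.received, raffle.balance
```

With the original ordering the single entrant is paid once per fee held by the raffle; with the recommended ordering the nested call fails the first `require` and exactly one fee is paid.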
Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

reentrancy-in-refund

reentrancy in refund() function
