First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

enterRaffle Possible after elapsed duration

equious

Summary

The enterRaffle function does not limit entry when a raffle's duration has elapsed, this results in players never being sure of the probability of winning and impacts the experience of those who registered in time.

Vulnerability Details

function testCantEnterAfterDurationElapsed() public {

address[] memory players = new address[](5);

players[0] = playerOne;

players[1] = playerTwo;

players[2] = address(3);

players[3] = address(4);

address[] memory players2 = new address[](1);

players2[0] = address(5);

puppyRaffle.enterRaffle{value: entranceFee * 4}(players);

vm.warp(block.timestamp + duration + 1);

vm.roll(block.number + 1);

vm.expectRevert();

puppyRaffle.enterRaffle{value: entranceFee}(players2);

}

Failing tests:

Encountered 1 failing test in test/PuppyRaffleTest.t.sol:PuppyRaffleTest

[FAIL. Reason: PuppyRaffle: Must send enough to enter raffle] testCantEnterAfterDurationElapsed() (gas: 20339)

Impact

The raffle becomes unfair to those who registered at the correct time, players can never be sure of the probability of winning until selectWinner is called.

Tools Used

Foundry,
Manual Review

Recommendations

Add check to enterRaffle function to verify that the required duration hasn't elapsed. You could also implement enum states to control what can happen when at each phase of a raffle: ie:

enum {

OPEN,

CLOSED,

SELECTING_WINNER

}

And applying these states where/when appropriate.

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: User experience and design improvement

equious Submitter

almost 2 years ago

patrickalphac Lead Judge

almost 2 years ago

Hamiltonite Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: User experience and design improvement

Hamiltonite Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: User experience and design improvement

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.