Submission Details
Severity: high
Valid

Overflow in 'enterRaffle'

Summary

The 'enterRaffle' function is missing an overflow check.

Vulnerability Details

The contract's Solidity version is ^0.7.6, which means arithmetic overflows wrap silently instead of reverting.

Impact

In theory, the contract could be initialized with a very high 'entranceFee', which would allow the function caller to engineer a newPlayers array with a length that causes "entranceFee * newPlayers.length" to overflow. This would allow the caller to enter the raffle while sending a minuscule value.
Here is a test showcasing the scenario:

  1. Set the entrance fee to a very high value:
    uint256 entranceFee = type(uint256).max / 3 + 1;

  2. Add this test and run it. It passes:
    function testCanEnterRaffleExtreme() public {
        console.log("entranceFee: %s", entranceFee);
        // Three entrants: entranceFee * 3 wraps around to 2
        address[] memory players = new address[](3);
        players[0] = playerOne;
        players[1] = playerTwo;
        players[2] = playerThree;
        // Only 2 wei is sent with the call
        puppyRaffle.enterRaffle{value: 2}(players);
        assertEq(puppyRaffle.players(0), playerOne);
    }

I am setting the severity to medium, as this scenario is unlikely to happen.
There are far easier ways to render this contract unusable.

Tools Used

Manual review

Recommendations

Add overflow checks.
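
One way to add the check, shown as an added example rather than code from the audited contract or this submission: the unchecked product beside a checked form that divides the result back and reverts on wraparound. The contract name, function names and revert string are hypothetical; only `entranceFee` and `newPlayers` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

// Added illustration; not the audited contract. Contract and function names
// are hypothetical; entranceFee and newPlayers mirror the report's wording.
contract EntranceFeeCheckExample {
    uint256 public immutable entranceFee;

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
    }

    // Behaviour described in the report: before Solidity 0.8 the product
    // wraps modulo 2**256 and no error is raised.
    function requiredValueUnchecked(address[] memory newPlayers)
        public
        view
        returns (uint256)
    {
        return entranceFee * newPlayers.length;
    }

    // Checked form: if dividing the product by one factor does not give
    // back the other factor, the multiplication wrapped, so revert.
    function requiredValueChecked(address[] memory newPlayers)
        public
        view
        returns (uint256)
    {
        uint256 count = newPlayers.length;
        if (count == 0) {
            return 0;
        }
        uint256 total = entranceFee * count;
        require(total / count == entranceFee, "entrance fee overflow");
        return total;
    }
}
```

With the entrance fee from the test above and three players, `requiredValueUnchecked` returns 2 while `requiredValueChecked` reverts. Compiling with Solidity 0.8 or later, where arithmetic is checked by default, or using a SafeMath-style library gives the same protection.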

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

overflow-uint64
