Submission Details
Severity: medium
Valid

withdrawFees() is unusable

Summary

Useless requirement in withdrawFees()

Vulnerability Details

Fees can be withdrawn only after this check succeeds: 'require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");'

'totalFees' only ever increases and is reset to 0 after a successful fee withdrawal, while the contract's balance can be any amount, including 0, because there are ways to drain the contract of its funds (reported in another finding).

Impact

It may never be possible to transfer the collected fees.

Tools Used

Manual review

Recommendations

First make sure the economics of the contract are sound. Then remove that requirement.
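
The strict-equality check next to a withdrawal that relies only on the contract's own accounting, as an added example that is not PuppyRaffle's source. The contract name FeeVaultExample and the functions accrueFee, withdrawFeesStrict and feesCovered are hypothetical, and totalFees is declared as uint256 here for simplicity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal contract for illustration (not PuppyRaffle's code).
contract FeeVaultExample {
    address public immutable feeAddress;

    // Internal accounting: grows as fees accrue, reset to 0 on withdrawal.
    uint256 public totalFees;

    constructor(address _feeAddress) {
        feeAddress = _feeAddress;
    }

    // Stand-in for the raffle logic that records a fee.
    function accrueFee() external payable {
        totalFees += msg.value;
    }

    // Pattern from the finding: the withdrawal depends on the raw balance
    // matching the accounting exactly. The balance is not under the
    // contract's sole control, so any divergence makes this revert forever.
    function withdrawFeesStrict() external {
        require(address(this).balance == totalFees, "balance != totalFees");
        _payOut();
    }

    // Requirement removed: pay out exactly what was accounted for.
    // If the balance is short, the transfer reverts and totalFees is kept.
    function withdrawFees() external {
        _payOut();
    }

    function _payOut() private {
        uint256 amount = totalFees;
        totalFees = 0; // effects before the external call
        (bool ok, ) = feeAddress.call{value: amount}("");
        require(ok, "fee transfer failed");
    }

    // Invariant a test or monitor can assert: the balance covers accrued fees.
    function feesCovered() external view returns (bool) {
        return address(this).balance >= totalFees;
    }
}
```

Asserting feesCovered() in invariant tests is one way to confirm the contract's economics before the equality requirement is dropped.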

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

greifers-send-money-to-contract-to-block-withdrawfees
