Submission Details
Severity: low
Valid

Unchecked uint256 value in Solidity 0.7.6 leads to overflow issue

Summary

SafeMath-style overflow checking is only built in from Solidity 0.8.0 onward, so uint operations within this protocol need extra validation.

Vulnerability Details

The enterRaffle function takes an address array as input but does not validate that the array is non-empty. If a user invokes the function with an empty array, the first for-loop, which uses i as its index, overflows when calculating players.length - 1, and the value becomes 2**256 - 1. The second-level for-loop will not execute, because j is always a positive value and therefore fails the j < players.length condition when players.length is 0, but the outer for-loop will still take a long time to execute.

Impact

A user who misuses the input parameter triggers unexpected behavior and consumes a lot of gas.

Tools Used

Manual review and Foundry test

Recommendations

Check the length of the address array at the beginning of the function, for example by adding a require or revert statement that triggers when the length of newPlayer is zero.
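The loop bound described above and the recommended guard, side by side, as an added sketch reconstructed from this finding's description and not the audited contract's source. The contract name, the two function variants, the helper functions and the inner-loop body (a duplicate check) are assumptions; only enterRaffle's shape, players, i, j and newPlayer come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.7.6;

// Added illustration reconstructed from the finding's description;
// not the audited contract's source. Names other than players, i, j
// and newPlayer are hypothetical.
contract RaffleSketch {
    address[] public players;

    // Before: no length check on the input array.
    function enterRaffleUnchecked(address[] memory newPlayer) public {
        _append(newPlayer);
        // If players is still empty here, players.length - 1 wraps to
        // 2**256 - 1 because 0.7.6 does not check uint arithmetic.
        for (uint256 i = 0; i < players.length - 1; i++) {
            _innerPass(i);
        }
    }

    // After: reject an empty array before any arithmetic on lengths.
    function enterRaffleChecked(address[] memory newPlayer) public {
        require(newPlayer.length > 0, "empty player array");
        _append(newPlayer);
        // players.length >= 1 is now guaranteed, so the bound cannot wrap.
        for (uint256 i = 0; i < players.length - 1; i++) {
            _innerPass(i);
        }
    }

    function _append(address[] memory newPlayer) internal {
        for (uint256 k = 0; k < newPlayer.length; k++) {
            players.push(newPlayer[k]);
        }
    }

    // Inner loop from the finding; skipped entirely when players is empty.
    // The body (a duplicate check) is an assumption for illustration.
    function _innerPass(uint256 i) internal view {
        for (uint256 j = i + 1; j < players.length; j++) {
            require(players[i] != players[j], "duplicate player");
        }
    }
}
```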

Updates

Lead Judging Commences

patrickalphac Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

entrance fee can overflow (* # of players)

You'd have to have a TON of money for this to happen. IMPACT: HIGH LIKELIHOOD: VERY LOW
