enterRaffle() function does not check for zero addresses which will lead to miss calculations
Summary
In PuppyRaffle.sol:: enterRaffle() there is no check for zero addresses input, that can cause the protocol to fail or miss-function.
Vulnerability Details
PuppyRaffle.sol:: enterRaffle() function is responsible for entering new players into the raffle. It's expected to have a check that there is no "0" address among those new addresses for the game to be correct and fair, yet, there is not.
Impact
First issue with having zero address as an input is that the contract is checking for the entrance fees
if a zero address was submitted by mistake then this equality will always be false and the function will revert.
Second issue:Assuming there was enough value for fees and the array registered, there is a problem that the totalAmount and prizePool are calculated according to the array length which now includes empty slots mis-leading the calculations and may cause the protocol to fail if there is no balance to cover the prize.
Tools Used
Manual review
Recommendations
Add this check to enterraffle()
Lead Judging Commences
zero address can win the raffle
Funds are locked to no one. If someone gets the refund issue, they also got this issue. IMPACT: High Likelihood: High
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.