Submission Details
Severity: high
Valid

The enterRaffle function doesn't pop duplicate addresses from the entrant address list.

Summary

The enterRaffle function doesn't remove duplicate addresses from the entrant address list.

Vulnerability Details

Impact

Tools Used

ChatGPT

Recommendations

function enterRaffle(address[] memory newPlayers) public payable {
    // The fee is charged per submitted address, including any duplicates dropped below
    require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");

    // Initialize a temporary array to hold unique players
    address[] memory uniquePlayers = new address[](newPlayers.length);

    // Iterate through new players
    uint256 uniqueCount = 0;
    for (uint256 i = 0; i < newPlayers.length; i++) {
        bool isDuplicate = false;

        // Check if the player is already in the uniquePlayers array
        // (this only compares addresses within the current newPlayers batch)
        for (uint256 j = 0; j < uniqueCount; j++) {
            if (newPlayers[i] == uniquePlayers[j]) {
                isDuplicate = true;
                break;
            }
        }

        // If not a duplicate, add to the uniquePlayers array
        if (!isDuplicate) {
            uniquePlayers[uniqueCount] = newPlayers[i];
            uniqueCount++;
        }
    }

    // Add unique players to the players array
    for (uint256 i = 0; i < uniqueCount; i++) {
        players.push(uniquePlayers[i]);
    }

    // Shrink the in-memory array to uniqueCount so the event
    // does not carry trailing zero addresses for dropped duplicates
    assembly {
        mstore(uniquePlayers, uniqueCount)
    }

    emit RaffleEnter(uniquePlayers);
}

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

refund-doesnt-reduce-players-array-size-causing-protocol-to-freeze

zero address can win the raffle

Funds are locked to no one. If someone gets the refund issue, they also got this issue. Impact: High. Likelihood: High.
