Summary
The enter_raffle function in the Snek Raffle contains an assert for raffle payment to enable users to participate in the raffle if they pay the exact required amount. However, if users pay more or less than the exact amount, the raffle reverts the transaction with a misleading revert message.
Vulnerability Details
Please checkout the Line 115 of Snek Raffle.
.
.
.
@external
@payable
def enter_raffle():
"""Enter the raffle by sending the entrance fee."""
assert msg.value == ENTRANCE_FEE, ERROR_SEND_MORE_TO_ENTER_RAFFLE
-------------------------------------------^
assert self.raffle_state == RaffleState.OPEN, ERROR_RAFFLE_NOT_OPEN
self.players.append(msg.sender)
log RaffleEntered(msg.sender)
.
.
.
PoC
Failed with Inappropriate revert message
Put the following test into your snek raffle test file at very bottom.
def test_raffle_reverts_even_when_you_pay_more_than_enough(raffle_boa, entrance_fee):
boa.env.set_balance(USER, STARTING_BALANCE * 2)
with boa.env.prank(USER):
with boa.reverts("SnekRaffle: Send more to enter raffle"):
raffle_boa.enter_raffle(value=entrance_fee * 2)
Open your terminal, and execute the following command. (Make sure virtual environment is activated)
pytest -v tests/snek_raffle_test.py::test_raffle_reverts_even_when_you_pay_more_than_enough -s
Output
==================================================================== test session starts =====================================================================
platform linux -- Python 3.10.12, pytest-8.0.2, pluggy-1.4.0 -- /home/theirrationalone/vyperenv/bin/python
cachedir: .pytest_cache
hypothesis profile 'default' -> database=DirectoryBasedExampleDatabase(PosixPath('/home/theirrationalone/first-flights/2024-03-snek-raffle/.hypothesis/examples'))
rootdir: /home/theirrationalone/first-flights/2024-03-snek-raffle
plugins: titanoboa-0.1.8, cov-4.1.0, hypothesis-6.98.17
collected 1 item
tests/snek_raffle_test.py::test_raffle_reverts_even_when_you_pay_more_than_enough PASSED
===================================================================== 1 passed in 2.88s ======================================================================
Impact
It could potentially confuse users and lead them to exit the raffle prematurely.
Tools Used
Manual Review, Pytest
Recommendations
You should choose one of the following options:
Allow users to pay at least the exact or more than the required amount, or
Provide an appropriate message to indicate to users that they need to pay the exact sufficient amount to participate in the raffle.
You can do either of one changes into the raffle...
Change the validation conditional...
.
.
.
# External Functions
@external
@payable
def enter_raffle():
"""Enter the raffle by sending the entrance fee."""
- assert msg.value == ENTRANCE_FEE, ERROR_SEND_MORE_TO_ENTER_RAFFLE
+ assert msg.value >= ENTRANCE_FEE, ERROR_SEND_MORE_TO_ENTER_RAFFLE
assert self.raffle_state == RaffleState.OPEN, ERROR_RAFFLE_NOT_OPEN
self.players.append(msg.sender)
log RaffleEntered(msg.sender)
.
.
.
Or, Chage the assert Message...
.
.
.
# Errors
ERROR_NOT_ENDED: constant(String[25]) = "SnekRaffle: Not ended"
ERROR_TRANSFER_FAILED: constant(String[100]) = "SnekRaffle: Transfer failed"
- ERROR_SEND_MORE_TO_ENTER_RAFFLE: constant(String[100]) = "SnekRaffle: Send more to enter raffle"
+ ERROR_SEND_EXACT_AMOUNT_TO_ENTER_RAFFLE: constant(String[100]) = "SnekRaffle: Send exact amount to enter raffle"
ERROR_RAFFLE_NOT_OPEN: constant(String[100]) = "SnekRaffle: Raffle not open"
ERROR_NOT_COORDINATOR: constant(String[46]) = "SnekRaffle: OnlyCoordinatorCanFulfill"
.
.
.
# External Functions
@external
@payable
def enter_raffle():
"""Enter the raffle by sending the entrance fee."""
- assert msg.value == ENTRANCE_FEE, ERROR_SEND_MORE_TO_ENTER_RAFFLE
+ assert msg.value == ENTRANCE_FEE, ERROR_SEND_EXACT_AMOUNT_TO_ENTER_RAFFLE
assert self.raffle_state == RaffleState.OPEN, ERROR_RAFFLE_NOT_OPEN
self.players.append(msg.sender)
log RaffleEntered(msg.sender)
.
.
.
