Submission Details
Severity: low
Invalid

`request_raffle_winner()` Returns the Total Supply of NFTs Instead of the Request ID

Summary

The `request_raffle_winner()` function of the Snek-Raffle contract requests a random number to choose a random winner, and then returns the number of minted Snek NFTs instead of the ID of that request.

Vulnerability Details

Notice that, after requesting a random number using Chainlink VRF, instead of returning request_id, the Snek-Raffle contract is returning the total number of NFTs minted so far:

```python
@external
def request_raffle_winner() -> uint256:
    """Request a random winner from the VRF Coordinator after a raffle has completed."""
    is_open: bool = RaffleState.OPEN == self.raffle_state
    time_passed: bool = (block.timestamp - self.last_timestamp) > RAFFLE_DURATION
    has_players: bool = len(self.players) > 0
    has_balance: bool = self.balance > 0
    assert is_open and time_passed and has_players and has_balance, ERROR_NOT_ENDED
    self.raffle_state = RaffleState.CALCULATING
    request_id: uint256 = VRF_COORDINATOR.requestRandomWords(
        GAS_LANE,
        SUBSCRIPTION_ID,
        REQUEST_CONFIRMATIONS,
        CALLBACK_GAS_LIMIT,
        NUM_WORDS
    )
@>  return ERC721._total_supply()
```

Impact

Users calling `request_raffle_winner()` may expect it to return the ID of the request; instead they receive the misleading total supply of Snek NFTs.

Tools Used

Manual analysis.

Recommendations

It is recommended to return the request ID as shown below instead of the total supply of Snek NFTs:

...
- return ERC721._total_supply()
+ return request_id
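
Review bot: With `return request_id` in place, the docstring at the top of `request_raffle_winner()` still does not say what the function returns; add a line stating that the return value is the Chainlink VRF request ID. The visible body also never stores or logs `request_id`, and a caller that sends this as a transaction does not receive the return value off-chain, so consider emitting an event that carries `request_id` as well.
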
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Returning Total Supply Instead of Request ID in request_raffle_winner
