Check on balance does not match invariant
Summary
The documentation of the protocol states that every winner receives The balance of the contract (should be all the entrace fees added together).
However, this is not checked appropriately, opening up the possibility to receive more (or less) than this amount.
Vulnerability Details
The function request_raffle_winner implements the following check regarding the balance of the raffle smart contract:
In order to make sure the invariant is not violated, either because the contract contains more than just the entrance fees, or some unexpected bug led it to have less than expected, the check should actually be:
The necessity for the strict equality (==) is due to the fact that, when sending the reward to the winner, the protocol sends the entire smart contract balance.
Impact
The contract could hand out rewards that break the invariant stated in the documentation of the protocol.
Tools Used
Manual review, VSCode
Recommendations
Implementing the appropriate check on the status of the smart contract balance prevents the protocol from ever violating its own invariant and, occasionally, losing funds that were not destined for the winner of the raffle.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.