Potential DoS Due to Revert in fulfillRandomWords Function
Summary
The fulfillRandomWords function might revert due to multiple reasons. According to Chainlink VRF documentation, a revert in fulfillRandomWords prevents the VRF service from attempting a second call.
Vulnerability Details
Several scenarios within the fulfillRandomWords function can lead to transaction reverting:
If the
recent_winneris a contract account but does not implement theonERC721Receivedfunction or returns an incorrect value.If the
recent_winneris a contract account without receive or fallback functions, resulting in an inability to receive ether and leading to a revert.If the
recent_winneris a contract account, insufficient gas forwarded may lead to an out-of-gas problem during execution.
Any of these scenarios will result in a transaction revert, preventing the VRF service from calling fulfillRandomWords again, thus preventing the update of the raffle_state.
Impact
The inability to update the raffle_state variable due to transaction reverting could prevent the system from going to the next round, potentially disrupting the functionality of the contract.
Tools Used
Manual Review
Recommendations
Ensure that the fulfillRandomWords function is solely responsible for storing the random variable and does not contain any logic that could lead to reverting transactions. It should be designed to never revert, thereby preventing potential DoS attacks and ensuring the smooth operation of the system.
Lead Judging Commences
Winner can be a contract that refuses ETH and brinks the whole contract + reverts on Chainlink VRF
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.