Puppy Raffle

AI First Flight #1
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: high
Likelihood: high
Invalid

Potential Loss of Funds During Prize Pool Distribution

Summary

In the selectWinner function, when a player has refunded and their address is replaced with address(0), the prize money may be sent to address(0), resulting in fund loss.

Vulnerability Details

In the refund function, a user who wants a refund is given their money back and their address in the array is replaced with address(0). Say Alice entered the raffle and later decided to refund her money: her address in the player array is then replaced with address(0). Suppose her index in the array is the 7th, so there is currently address(0) at the 7th index. When the selectWinner function is called, there is no check that this 7th index can't be the winner, so if this 7th index is declared the winner, all of the prize will be sent to it, which will actually be lost because it is sent to address(0).

Impact

Loss of funds if they are sent to address(0), posing a financial risk.

Tools Used

Manual Review

Recommendations

Implement additional checks in the selectWinner function to ensure that prize money is not sent to address(0).
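
The recommended check, sketched as an added example; this is not the PuppyRaffle source and not code from the submission. Only refund, selectWinner and the players array come from the text above; the contract name, enter, entranceFee, _payWinner and the error strings are hypothetical, and how the winning index is chosen is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: a minimal stand-in, NOT the PuppyRaffle contract.
contract RaffleSketch {
    address[] public players;
    uint256 public immutable entranceFee; // hypothetical name

    constructor(uint256 fee) {
        entranceFee = fee;
    }

    // Hypothetical entry point: one slot per call.
    function enter() external payable {
        require(msg.value == entranceFee, "wrong fee");
        players.push(msg.sender);
    }

    // As the finding describes: the refunded slot is zeroed, not removed,
    // so the array keeps an address(0) entry at that index.
    function refund(uint256 index) external {
        require(players[index] == msg.sender, "not your slot");
        players[index] = address(0); // state change before the external call
        (bool ok, ) = msg.sender.call{value: entranceFee}("");
        require(ok, "refund failed");
    }

    // Payout step that a selectWinner function would call with the index
    // it has chosen (index selection is out of scope for this sketch).
    function _payWinner(uint256 winnerIndex) internal {
        require(winnerIndex < players.length, "bad index");
        address winner = players[winnerIndex];

        // The recommended check: a refunded (zeroed) slot is never paid.
        require(winner != address(0), "winner slot was refunded");

        uint256 prize = address(this).balance;
        delete players; // reset the round before sending value
        (bool ok, ) = winner.call{value: prize}("");
        require(ok, "payout failed");
    }
}
```

With this guard a draw that lands on a refunded slot reverts and leaves the balance in the contract, so the draw has to be repeated.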

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 11 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
