Puppy Raffle

AI First Flight #1
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: high
Likelihood: high
Invalid

[High] Integer Overflow in PuppyRaffle::totalFees

[High] Integer Overflow in PuppyRaffle::totalFees leads to loss of protocol revenue

Description

The PuppyRaffle contract is compiled with Solidity version 0.7.6. In versions prior to 0.8.0, arithmetic operations were subject to silent overflows and underflows unless a library like SafeMath was used.

In the selectWinner function, the protocol fee is calculated and added to the totalFees state variable. Since totalFees is a uint64, it has a maximum value of $2^{64}-1$. Once the cumulative fees exceed this limit, the value "wraps around" to zero.

Risk

  • Likelihood: Medium. While it requires a high volume of raffles, it is a mathematical certainty for a successful protocol.

  • Impact: High. When the overflow occurs, the owner will be unable to withdraw the correct amount of fees earned, leading to a direct loss of protocol revenue.

Proof of Concept (PoC)

The following code confirms that in Solidity 0.7.6, a uint64 will wrap around to 0 instead of reverting when its limit is exceeded.

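function test_TotalFeesOverflow() public {
    // Start at the largest value a uint64 can hold.
    uint64 maxFees = type(uint64).max;
    uint64 addedFee = 1;
    // Under Solidity 0.7.6 this addition is unchecked and does not revert.
    uint64 result = maxFees + addedFee;
    assertEq(uint256(result), 0);
}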

Recommended Mitigation

Upgrade the contract to Solidity 0.8.0 or higher, or use OpenZeppelin's SafeMath library for the fee accumulation logic.
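The same wrap shown on a running fee counter, next to a checked counter, as an added example that is not code from the submission or from PuppyRaffle. `FeeLedger`, its function names and the 18 ether and 1 ether amounts are hypothetical and constructed, and the test assumes a Foundry project with forge-std installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.7.6;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the fee bookkeeping the finding describes.
contract FeeLedger {
    uint64 public totalFees;    // narrow, unchecked accumulator
    uint256 public checkedFees; // hardened: full-width counter with an explicit check

    function addUnchecked(uint256 fee) external {
        // The uint64 cast truncates in every compiler version;
        // the addition wraps silently only before 0.8.0.
        totalFees = totalFees + uint64(fee);
    }

    function addChecked(uint256 fee) external {
        uint256 sum = checkedFees + fee;
        require(sum >= checkedFees, "fee overflow"); // the check SafeMath.add performs
        checkedFees = sum;
    }
}

contract FeeLedgerTest is Test {
    FeeLedger ledger;

    function setUp() public {
        ledger = new FeeLedger();
    }

    function test_uncheckedAccumulatorWraps() public {
        // Constructed amounts: counted in wei, a uint64 tops out near 18.44 ether.
        ledger.addUnchecked(18 ether);
        ledger.addUnchecked(1 ether);
        // The stored value is the true total reduced modulo 2^64.
        uint256 expected = 19 ether - (uint256(type(uint64).max) + 1);
        assertEq(uint256(ledger.totalFees()), expected);
        assertLt(uint256(ledger.totalFees()), 1 ether);
    }

    function test_checkedAccumulatorKeepsTotal() public {
        ledger.addChecked(18 ether);
        ledger.addChecked(1 ether);
        assertEq(ledger.checkedFees(), 19 ether);
    }
}
```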

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
