Zero address can be selected as a winner
Due to the refund leaving blank spots in the players array, selectWinner can select zero address as the winner
Description
Due to the refund function leaving blank spots in the players array and selectWinner relying on the players array length to pick a winner of the raffle, zero address can be picked as a winner, resulting in permanent loss of that NFT as well as prize ETH.
Recommended Mitigation
Modify the refund function so it doesn't leave blank spots in the players array.
Lead Judging Commences
[H-01] Potential Loss of Funds During Prize Pool Distribution
## Description In the `selectWinner` function, when a player has refunded and their address is replaced with address(0), the prize money may be sent to address(0), resulting in fund loss. ## Vulnerability Details In the `refund` function if a user wants to refund his money then he will be given his money back and his address in the array will be replaced with `address(0)`. So lets say `Alice` entered in the raffle and later decided to refund her money then her address in the `player` array will be replaced with `address(0)`. And lets consider that her index in the array is `7th` so currently there is `address(0)` at `7th index`, so when `selectWinner` function will be called there isn't any kind of check that this 7th index can't be the winner so if this `7th` index will be declared as winner then all the prize will be sent to him which will actually lost as it will be sent to `address(0)` ## Impact Loss of funds if they are sent to address(0), posing a financial risk. ## Recommendations Implement additional checks in the `selectWinner` function to ensure that prize money is not sent to `address(0)`
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.