* The `enterRaffle()` function enforces no upper bound on the number of players in a raffle. Every call appends `newPlayers` to the storage array `players`, so the array can grow without limit across transactions.
* Because the duplicate check compares every pair of entries, each call to `enterRaffle()` re-scans the entire `players` array, and its gas cost grows quadratically with the array length. A malicious actor (or simply heavy organic participation) can fill the array with thousands of entries, making later calls to `enterRaffle()` prohibitively expensive and risking the block gas limit in `selectWinner()` or any other operation that iterates over the array.
```solidity:79:92:src/PuppyRaffle.sol
function enterRaffle(address[] memory newPlayers) public payable {
    require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
    // New entries are appended before any duplicate check runs
    for (uint256 i = 0; i < newPlayers.length; i++) {
        players.push(newPlayers[i]);
    }
    // Check for duplicates: O(n^2) over the whole players array on every call
    for (uint256 i = 0; i < players.length - 1; i++) {
        for (uint256 j = i + 1; j < players.length; j++) {
            require(players[i] != players[j], "PuppyRaffle: Duplicate player");
        }
    }
    emit RaffleEnter(newPlayers);
}
```
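A Foundry test that makes the quadratic growth visible, added here as an illustration and not part of the PuppyRaffle repository. It assumes the constructor signature `PuppyRaffle(uint256 entranceFee, address feeAddress, uint256 raffleDuration)` and that `forge-std` is available; the player addresses are constructed synthetically.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

// Added example (not project code). Assumes forge-std and the
// PuppyRaffle constructor (entranceFee, feeAddress, raffleDuration).
import {Test, console} from "forge-std/Test.sol";
import {PuppyRaffle} from "../src/PuppyRaffle.sol";

contract EnterRaffleGasTest is Test {
    PuppyRaffle raffle;
    uint256 constant ENTRANCE_FEE = 1 ether;

    function setUp() public {
        // feeAddress and duration are arbitrary for this test
        raffle = new PuppyRaffle(ENTRANCE_FEE, address(0xFEE), 1 days);
    }

    // Builds n distinct, synthetic player addresses starting at `start + 1`
    function _batch(uint256 start, uint256 n) internal pure returns (address[] memory batch) {
        batch = new address[](n);
        for (uint256 i = 0; i < n; i++) {
            batch[i] = address(uint160(start + i + 1));
        }
    }

    function testEnterRaffleGasGrowsWithArraySize() public {
        uint256 n = 100;

        // First batch: duplicate check scans 100 players (4,950 comparisons)
        address[] memory first = _batch(0, n);
        uint256 gasBefore = gasleft();
        raffle.enterRaffle{value: ENTRANCE_FEE * n}(first);
        uint256 gasFirst = gasBefore - gasleft();

        // Second batch of the same size: check now scans 200 players (19,900 comparisons)
        address[] memory second = _batch(n, n);
        gasBefore = gasleft();
        raffle.enterRaffle{value: ENTRANCE_FEE * n}(second);
        uint256 gasSecond = gasBefore - gasleft();

        console.log("gas for first 100 players:", gasFirst);
        console.log("gas for next 100 players:", gasSecond);

        // Same number of new entrants, strictly more gas: cost depends on array size, not batch size
        assertGt(gasSecond, gasFirst);
    }
}
```

Run it with `forge test --match-test testEnterRaffleGasGrowsWithArraySize -vv`; the logged figures show the second batch costing several times the first even though both add exactly 100 players.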
Likelihood:
* Triggered whenever attackers or ordinary users push a large number of players into the raffle; `enterRaffle()` is public and requires no special privileges
* A single transaction can add hundreds of players at once, since `newPlayers` is an unbounded array and only `msg.value` scales with it
* The O(n²) duplicate check makes the cost grow quadratically as the array grows, so later entrants pay far more than earlier ones
Impact:
* Gas limit DoS: `selectWinner()` may exceed the block gas limit
* Unbounded gas costs for every operation that iterates over the `players` array
* The contract becomes unusable once the array is large enough
* Potential for permanent DoS if the array size prevents the winner from ever being selected
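One way to close both the unbounded-growth and the quadratic-check issues, shown as an added example rather than a patch from the PuppyRaffle project: cap the array size and replace the pairwise scan with a per-raffle mapping, so each new entrant costs O(1) regardless of how many players are already in. The cap value, the `raffleId` counter and the contract name are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

// Added example (not project code): bounded, O(n) entry with a
// mapping-based duplicate check. MAX_PLAYERS and raffleId are hypothetical.
contract BoundedRaffle {
    uint256 public immutable entranceFee;
    uint256 public constant MAX_PLAYERS = 500; // hypothetical cap; tune to the gas budget
    uint256 public raffleId = 1;              // bumped every time players is reset
    address[] public players;

    // Last raffle each address entered; avoids rescanning `players`
    mapping(address => uint256) private lastRaffleEntered;

    event RaffleEnter(address[] newPlayers);

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
    }

    function enterRaffle(address[] memory newPlayers) public payable {
        require(msg.value == entranceFee * newPlayers.length, "BoundedRaffle: Must send enough to enter raffle");
        // Hard upper bound on array size so iteration elsewhere stays within the gas limit
        require(players.length + newPlayers.length <= MAX_PLAYERS, "BoundedRaffle: Raffle is full");

        for (uint256 i = 0; i < newPlayers.length; i++) {
            address p = newPlayers[i];
            // Check before push, so duplicates within the same batch are also rejected
            require(lastRaffleEntered[p] != raffleId, "BoundedRaffle: Duplicate player");
            lastRaffleEntered[p] = raffleId;
            players.push(p);
        }
        emit RaffleEnter(newPlayers);
    }

    // Called by the winner-selection path when a raffle ends. Bumping raffleId
    // invalidates every entry in lastRaffleEntered without iterating the mapping.
    function _resetPlayers() internal {
        delete players;
        raffleId++;
    }
}
```

With the cap in place, the worst-case gas of any loop over `players` is known at deployment time, and the mapping check turns a quadratic scan into a single SLOAD/SSTORE pair per entrant.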