Puppy Raffle

AI First Flight #1
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: low
Likelihood: low
Invalid

Unsafe uint64(fee) cast truncates large fees and the unused _isActivePlayer is dead code, reducing correctness and clarity

Truncating uint64(fee) cast and unused _isActivePlayer reduce correctness and clarity

Description

Two informational issues degrade code quality. First, selectWinner narrows the fee with totalFees = totalFees + uint64(fee) (src/PuppyRaffle.sol:134), truncating any fee above 2^64 - 1 wei. Second, _isActivePlayer (src/PuppyRaffle.sol:173-180) is an internal function that is never called anywhere in the contract — dead code.

    totalFees = totalFees + uint64(fee); // @> 134: truncating downcast

    function _isActivePlayer() internal view returns (bool) { // @> 173-180: never called
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == msg.sender) {
                return true;
            }
        }
        return false;
    }

Risk

Likelihood:

Low. The truncation only manifests for fees exceeding ~18.4 ETH, and dead code has no runtime trigger at all.

Impact:

Low. The downcast can silently understate totalFees and contribute to broken fee accounting, while the unused _isActivePlayer wastes deployment gas, invites confusion, and may mislead readers/auditors into assuming an active-player check exists where it does not.

Proof of Concept

A large fee demonstrates the truncation, and a static scan confirms _isActivePlayer has zero callers.

    function test_uint64FeeTruncation() public pure {
        uint256 fee = uint256(type(uint64).max) + 1;
        assertEq(uint64(fee), 0); // @> value above 2^64-1 wraps to 0
    }
    // grep for `_isActivePlayer(` across src/ returns only its definition => dead code.
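
The accounting effect of the cast described above, as an added example that is not part of the submission or of PuppyRaffle. FeeLedger, FeeLedgerDemo and their functions are hypothetical names, and Solidity ^0.8.0 is assumed because the page does not state the compiler version. It records one 20 ether fee through the truncating path, then shows a range-checked path rejecting the same fee.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: the page does not state the compiler version

/// Added illustration with hypothetical names; not PuppyRaffle code.
contract FeeLedger {
    uint64 public narrowTotal; // same width as the flagged `uint64 totalFees`
    uint256 public wideTotal;  // same width as the recommended `uint256 totalFees`

    /// Same shape as the flagged statement. An explicit cast keeps only the
    /// low 64 bits and never reverts, in any compiler version.
    function recordTruncating(uint256 fee) external {
        narrowTotal = narrowTotal + uint64(fee);
        wideTotal = wideTotal + fee;
    }

    /// If the storage slot has to stay uint64, reject out-of-range fees
    /// instead of silently dropping the high bits.
    function recordChecked(uint256 fee) external {
        require(fee <= type(uint64).max, "fee exceeds uint64");
        narrowTotal = narrowTotal + uint64(fee);
        wideTotal = wideTotal + fee;
    }

    /// Wei that the narrow ledger failed to record.
    function shortfall() external view returns (uint256) {
        return wideTotal - narrowTotal;
    }
}

/// Drives the ledger with a constructed fee of 20 ether (above 2^64 - 1 wei).
contract FeeLedgerDemo {
    function run() external returns (uint256 recorded, uint256 missing, bool rejected) {
        FeeLedger ledger = new FeeLedger();
        ledger.recordTruncating(20 ether);
        recorded = ledger.narrowTotal();
        missing = ledger.shortfall();
        // Only the low 64 bits survive: exactly 2^64 wei is lost.
        assert(recorded == 20 ether - 2**64);
        assert(missing == 2**64);
        // The checked path refuses the same fee rather than understating it.
        try ledger.recordChecked(20 ether) { rejected = false; } catch { rejected = true; }
        assert(rejected);
    }
}
```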

Recommended Mitigation

Use uint256 for fees and remove the unused function.

- uint64 public totalFees = 0;
+ uint256 public totalFees = 0;
...
- totalFees = totalFees + uint64(fee);
+ totalFees = totalFees + fee;
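Review bot: the new `totalFees = totalFees + fee;` line has no regression test through selectWinner; the PoC above only asserts `uint64(fee)` on a local value and never touches contract state. Add a test that drives selectWinner with a fee above type(uint64).max and asserts totalFees equals the full fee. This line also depends on the declaration change to `uint256 public totalFees`, so the two edits should land in the same commit.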
...
- function _isActivePlayer() internal view returns (bool) {
- for (uint256 i = 0; i < players.length; i++) {
- if (players[i] == msg.sender) {
- return true;
- }
- }
- return false;
- }
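Review bot: the removal of `_isActivePlayer` is backed only by a grep over src/. The function is internal, so a contract that inherits from this one, including a test harness kept outside src/, could still call it. Extend the search to every directory that is compiled, or delete the function and confirm that a full build and test run still pass.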
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 3 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
