Constants

• ONE_EGLD: Represents the amount of EGLD required to participate in the lottery.
• MAX_NR: The upper limit for the random number generation, which influences winner selection.

Contract Trait

• Lottery: The main trait of the contract, including initialization and the mechanism for drawing a winner.

Functions

• init(): Initializes the lottery contract.
• draw_winner(): Allows participants to enter the lottery and attempts to draw a winner based on random number generation.

All possible vulnerabilities exploits

Reentrancy:

• Definition: a common attack used by untrustworthy contracts which repeatedly call the vulnerable contract in order to drain funds
• Why does it apply: in the current contract there is no way of checking if the user has already participated, and the state is not updated
• How to prevent it: use a map that holds data related to the users that are participating, create a ticket logic, updating the state before sending the funds and using the pull-over-push design

Denial of Service:

• Definition: its capable of preventing a contract from operating for a short period or permanently, basically locking the contract
• Why does it apply: an attacker can use the require!(payment == ONE_EGLD, "Invalid payment); check in order to block any up and coming transfer to the lottery, with that he can be the only one participating
• How to prevent it: rate limiting, validating external calls and using the pull-over-push design