Raisebox Faucet

First Flight #50

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: low

Invalid

Redundant state variables

kevin1115

Root + Impact

Description

uint256 public blockTime
This line of code simply stores the block time at the time of deployment.
However, throughout the contract:

It is never used in logic;

It is not involved in claims or resets;

It is never updated

// Root cause in the codebase with @> marks to highlight the relevant section

contract RaiseBoxFaucet is ERC20, Ownable {

mapping(address => uint256) private lastClaimTime;

mapping(address => bool) private hasClaimedEth;

address public faucetClaimer;

uint256 public constant CLAIM_COOLDOWN = 3 days;

uint256 public dailyClaimLimit = 100;

uint256 public faucetDrip;

uint256 public constant INITIAL_SUPPLY = 1000000000 * 10 ** 18;

uint256 public lastDripDay;

uint256 public lastFaucetDripDay;

uint256 public dailyDrips;

uint256 public sepEthAmountToDrip;

bool public sepEthDripsPaused;

uint256 public dailyClaimCount;

uint256 public dailySepEthCap;

// @> simply use block.timestamp in the function, eliminating the need for state storage.

uint256 public blockTime = block.timestamp;

Risk

Likelihood:

uint256 public blockTime exists as a persistent state variable and can be completely removed to optimize gas and storage costs

Impact:

This will occupy a storage slot (32 bytes).
Each deployment will incur an additional SSTORE cost.

This variable will never be read or modified.

Proof of Concept

Recommended Mitigation

- remove this code

contract RaiseBoxFaucet is ERC20, Ownable {

mapping(address => uint256) private lastClaimTime;

mapping(address => bool) private hasClaimedEth;

address public faucetClaimer;

uint256 public constant CLAIM_COOLDOWN = 3 days;

uint256 public dailyClaimLimit = 100;

uint256 public faucetDrip;

uint256 public constant INITIAL_SUPPLY = 1000000000 * 10 ** 18;

uint256 public lastDripDay;

uint256 public lastFaucetDripDay;

uint256 public dailyDrips;

uint256 public sepEthAmountToDrip;

bool public sepEthDripsPaused;

uint256 public dailyClaimCount;

uint256 public dailySepEthCap;

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

157

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.