Raisebox Faucet

First Flight #50
Severity: low
Valid

Illogical Balance Check in `mintFaucetTokens` Prevents Normal Operation

Root + Impact

The `mintFaucetTokens` function contains inverted logic that prevents minting when the balance is GREATER than 1000 tokens, making the function unusable right after deployment unless the balance is reduced.

Description

  • The expected behavior is that the owner should be able to mint tokens to replenish supply whenever needed.

  • The bug on lines 113-115 reverts when the balance is HIGH, preventing normal operations.

function mintFaucetTokens(address to, uint256 amount) public onlyOwner {
    if (to != address(this)) {
        revert RaiseBoxFaucet_MiningToNonContractAddressFailed();
    }
@>  if (balanceOf(address(to)) > 1000 * 10 ** 18) {
@>      revert RaiseBoxFaucet_FaucetNotOutOfTokens(); // Backwards logic!
@>  }
    _mint(to, amount);
}

Risk

Likelihood:

  • The owner will attempt to mint tokens proactively when the contract still has a healthy balance above 1000 tokens to ensure continuous faucet operation

  • After initial deployment with 1 billion tokens, the function is immediately blocked and remains unusable until balance drops below 1000 tokens

Impact:

  • Owner cannot maintain proactive supply management, being forced to wait until the faucet is nearly depleted (< 1000 tokens) before replenishing

  • Poor user experience as the faucet may run completely dry during the waiting period, leaving users unable to claim tokens
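
The waiting period described above can be sized with a small off-chain model of the guard. This is an added example, not code from the submission or the RaiseBoxFaucet project; it assumes a drip of 1000 tokens per claim (the PoC's third constructor argument) and that every claim lowers the faucet's own balance by exactly one drip.

```javascript
// Added illustration: off-chain model of the balance guard in mintFaucetTokens.
// Assumptions (not taken from the contract source): DRIP is the amount paid per
// claim, and each claim reduces the faucet's own balance by exactly one drip.
const UNIT = 10n ** 18n;
const THRESHOLD = 1000n * UNIT;               // constant used by the guard
const INITIAL_SUPPLY = 1_000_000_000n * UNIT; // "1 billion tokens" at deployment
const DRIP = 1000n * UNIT;                    // assumed drip size

// Mirrors: if (balanceOf(to) > 1000 * 10 ** 18) revert ...
function mintAllowed(balance) {
  return !(balance > THRESHOLD);
}

// Smallest number of claims after which the owner's mint stops reverting.
function claimsUntilMintAllowed(supply, drip) {
  if (mintAllowed(supply)) return 0n;
  const excess = supply - THRESHOLD;
  return (excess + drip - 1n) / drip; // ceiling division on BigInt
}

// Claims the faucet can still serve at the moment minting becomes possible.
function claimsLeftWhenUnlocked(supply, drip) {
  const balance = supply - claimsUntilMintAllowed(supply, drip) * drip;
  return balance / drip;
}

function report(supply = INITIAL_SUPPLY, drip = DRIP) {
  return {
    mintAllowedAtDeploy: mintAllowed(supply),
    claimsUntilMintAllowed: claimsUntilMintAllowed(supply, drip),
    claimsLeftWhenUnlocked: claimsLeftWhenUnlocked(supply, drip),
  };
}

console.log(report());
```

Under these assumptions the owner's refill window opens when a single claim is left, and with a drip larger than the threshold it opens only once the faucet can no longer serve any claim.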

Proof of Concept

This test demonstrates how the backwards logic prevents the owner from minting tokens when the contract has a healthy balance. The contract is deployed with the standard initial supply, and the owner immediately tries to mint additional tokens for future needs, but the transaction reverts due to the illogical balance check.

const { expect } = require("chai");
const { ethers } = require("hardhat");

describe("M-1: Illogical mintFaucetTokens Check", function () {
  it("Should fail to mint when balance > 1000", async function () {
    // The first signer deploys the faucet and sends the mint transaction
    const [owner] = await ethers.getSigners();
    const Faucet = await ethers.getContractFactory("RaiseBoxFaucet", owner);
    const faucet = await Faucet.deploy("Token", "TKN", ethers.parseEther("1000"), ethers.parseEther("0.005"), ethers.parseEther("1"));
    await faucet.waitForDeployment();

    // Try to mint - should fail because balance > 1000
    await expect(
      faucet.connect(owner).mintFaucetTokens(await faucet.getAddress(), ethers.parseEther("10000"))
    ).to.be.revertedWithCustomError(faucet, "RaiseBoxFaucet_FaucetNotOutOfTokens");
    console.log("❌ Cannot mint with balance > 1000 tokens");
  });
});

Recommended Mitigation

Remove the illogical check to allow flexible minting. The check serves no purpose and blocks normal operations. Removing it allows the owner to manage supply proactively.

function mintFaucetTokens(address to, uint256 amount) public onlyOwner {
if (to != address(this)) {
revert RaiseBoxFaucet_MiningToNonContractAddressFailed();
}
- if (balanceOf(address(to)) > 1000 * 10 ** 18) {
- revert RaiseBoxFaucet_FaucetNotOutOfTokens();
- }
_mint(to, amount);
}
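
Review bot: removing the guard at the three `-` lines leaves `RaiseBoxFaucet_FaucetNotOutOfTokens` without a use in this function, so drop its declaration as well unless another path still reverts with it. The removal also leaves `_mint(to, amount)` limited only by `onlyOwner` and the `to != address(this)` check, with no cap on `amount`; if a refill threshold was the design intent, either document that unbounded owner minting is accepted or keep a threshold sized to the initial supply instead of deleting the check.
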
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 days ago
Submission Judgement Published
Validated
Assigned finding tags:

mintFaucetTokens is unusable due to logic/design mismatch with initial supply
