Raisebox Faucet

First Flight #50
Submission Details
Severity: high
Valid

[M-1] `claimFaucetTokens::dailyDrips` reset allows bypassing the `dailySepEthCap` limit and draining the `RaiseBoxFaucet` contract's ETH balance.

Root + Impact

Description

  • Normally, when a user claims SepETH, dailyDrips is incremented on each claim. It tracks the running total and is used to check the dailySepEthCap limit.

  • The problem arises when a user who has already claimed tries to claim SepETH or faucet tokens again. The condition in if (!hasClaimedEth[faucetClaimer] && !sepEthDripsPaused) isn't met, as they have already received SepETH, so execution moves to the else block, and there dailyDrips gets reset to 0.

    } else {
        // @audit resets the dailyDrips tracking
@>      dailyDrips = 0;
    }

Risk

Likelihood:

  • Any user can repeatedly call the claimFaucetTokens function, so the issue occurs on every repeated call from a prior claimer within the same day.

Impact:

  • Because of the reset issue, there is no point in having dailySepEthCap; any number of users can claim SepETH until the faucet contract's balance is insufficient.

Proof of Concept

    function test_IsDailyDripResetWhenOldEthClaimerClaimAgain() public {
        // Initial dailyDrips value before anyone claims SepETH
        uint256 initialDailyDrip = raiseBoxFaucet.dailyDrips();
        console.log("Initial dailyDrip:", initialDailyDrip); // 0

        // Simulate a new user (user1) claiming SepETH
        vm.prank(user1);
        raiseBoxFaucet.claimFaucetTokens();
        uint256 newDailyDrip = raiseBoxFaucet.dailyDrips();
        assertEq(raiseBoxFaucet.dailyDrips(), 0.005 ether);
        console.log("New dailyDrip after user1 claim:", newDailyDrip); // 5000000000000000

        // Simulate 3 more new users claiming SepETH
        address[3] memory newUsers = [user2, user3, user4];
        for (uint256 i = 0; i < newUsers.length; i++) {
            vm.prank(newUsers[i]);
            raiseBoxFaucet.claimFaucetTokens();
        }
        uint256 newDailyDripAfter3MoreUsers = raiseBoxFaucet.dailyDrips();
        assertEq(raiseBoxFaucet.dailyDrips(), 0.02 ether);
        console.log(
            "New dailyDrip after 3 more new users claim:",
            newDailyDripAfter3MoreUsers
        ); // 20000000000000000

        // Simulate the old user (user1) claiming SepETH again
        advanceBlockTime(block.timestamp + 3 days);
        vm.prank(user1);
        raiseBoxFaucet.claimFaucetTokens();
        uint256 dailyDripAfterUser1Claim = raiseBoxFaucet.dailyDrips();
        assertEq(raiseBoxFaucet.dailyDrips(), 0);
        console.log(
            "dailyDrip after user1 try to claim again: ",
            dailyDripAfterUser1Claim
        ); // 0
    }

Explanation

  • When user1 calls the claimFaucetTokens function to claim SepETH for the first time, dailyDrips increases to 0.005 ether.

  • Three more users (user2, user3, user4) then each claim SepETH for the first time by calling claimFaucetTokens. After these three claims, dailyDrips increases to 0.02 ether.

  • After time is advanced past the 3‑day cooldown, user1, who has already received SepETH, calls claimFaucetTokens. The function executes the else block because user1 has claimed SepETH before, and dailyDrips is reset to 0.
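The PoC shows the counter returning to 0; the Foundry test below, added here as an illustration and not taken from the RaiseBoxFaucet source, shows what that does to the cap by comparing the amount dripped in one day with and without the else block. `DripModel`, `CAP` (two drips a day), `paidOut`, the `resetInElse` flag, the form of the cap check and the test addresses are assumptions; the cooldown, pause flag and ETH transfer are left out.

```solidity
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed model of the drip accounting only (no ETH transfer, cooldown or
// pause flag). It is not the RaiseBoxFaucet source; the cap check is assumed.
contract DripModel {
    uint256 public constant DRIP = 0.005 ether; // per-claim amount seen in the PoC
    uint256 public constant CAP = 2 * DRIP; // assumed dailySepEthCap: two drips a day
    bool public immutable resetInElse; // true = else block described in the finding
    uint256 public dailyDrips;
    uint256 public lastDripDay;
    uint256 public paidOut; // total amount the model has dripped
    mapping(address => bool) public hasClaimedEth;

    constructor(bool resetInElse_) { resetInElse = resetInElse_; }
    function claimFaucetTokens() external {
        if (!hasClaimedEth[msg.sender]) {
            uint256 today = block.timestamp / 1 days;
            if (today > lastDripDay) { lastDripDay = today; dailyDrips = 0; } // new-day reset
            if (dailyDrips + DRIP <= CAP) {
                hasClaimedEth[msg.sender] = true;
                dailyDrips += DRIP;
                paidOut += DRIP;
            }
        } else if (resetInElse) {
            dailyDrips = 0; // reset triggered by a returning claimer
        }
    }
}

contract DripCapTest is Test {
    // Day 0: two users claim. Day 5: six first-time claimers, with a day-0 user
    // calling again after the 2nd and 4th. Returns the amount dripped on day 5.
    function paidOnDay5(bool resetInElse) internal returns (uint256) {
        DripModel f = new DripModel(resetInElse);
        for (uint160 i = 1; i <= 2; i++) { vm.prank(address(0xA000 + i)); f.claimFaucetTokens(); }
        uint256 day0Paid = f.paidOut();
        vm.warp(5 days);
        for (uint160 i = 1; i <= 6; i++) {
            vm.prank(address(0xB000 + i)); // first-time claimer
            f.claimFaucetTokens();
            if (i == 2 || i == 4) { vm.prank(address(0xA000 + i / 2)); f.claimFaucetTokens(); }
        }
        return f.paidOut() - day0Paid;
    }
    function test_CapWithAndWithoutElseReset() public {
        assertEq(paidOnDay5(true), 0.03 ether); // else reset: six drips, three times the cap
        assertEq(paidOnDay5(false), 0.01 ether); // else removed: two drips, exactly the cap
    }
}
```

Run it with `forge test --match-contract DripCapTest` in any Foundry project that has forge-std installed.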

Recommended Mitigation

Remove the else block entirely. dailyDrips should only reset when a new day starts, not when a user calls the function again.

- else
- {
- dailyDrips = 0;
- }
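Review bot: the removal of `dailyDrips = 0;` comes with no regression test and no context lines showing which `if` this else belongs to. Add a test asserting that dailyDrips is unchanged after a prior claimer calls claimFaucetTokens again. Since the else also covered the case where sepEthDripsPaused is true, confirm that the new-day reset the text relies on is still reached on every path that needs it, as it is not visible in this hunk.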
Updates

Lead Judging Commences

inallhonesty Lead Judge 13 days ago
Submission Judgement Published
Validated
Assigned finding tags:

dailyDrips Reset Bug
