Raisebox Faucet

First Flight #50

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Incorrect tranfer amount

mahimachauhan7

The amount send from user to contract or owner for burning is balance(address(this)) that can leads to complete loss of fund for the user.

Description:

In the burnFaucetTokens function, the contract transfers the entire faucet balance (balanceOf(address(this))) to the owner instead of transferring only the amountToBurn.

As a result, calling this function drains all tokens from the contract balance to the owner, instead of transferring just the specified amount intended for burning.

This logic flaw can lead to a complete loss of user funds stored in the faucet contract.

Risk: High

Likelihood

Reason 1. When owner call try to burn a specefic amount of token, and it exceution lead to complete loss of fund of the user.
Reason 2 The user might wanted to burn specific amount of money but owner took it's all money.

Impact

Complete lose of fund of user.

Proof of Concept

Suppose the faucet contract holds 10,000 tokens.

The owner calls burnFaucetTokens(1000).
Instead of transferring 1,000 tokens, the function transfers all 10,000 tokens to the owner.
_burn(msg.sender, 1000) then burns only 1,000 from the owner’s balance — leaving the remaining 9,000 tokens permanently with the owner.

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {

require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");

// transfer faucet balance to owner first before burning

// ensures owner has a balance before _burn (owner only function) can be called successfully

_transfer(address(this), msg.sender, balanceOf(address(this))); // @audit the amount to burn should be send not balance.

// @audit Try reetrancy

_burn(msg.sender, amountToBurn);

}

Recommended Mitigation:

Replace the incorrect transfer call with the correct one:

- _transfer(address(this), msg.sender, balanceOf(address(this)));

+ _transfer(address(this), msg.sender, amountToBurn);

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Unnecessary and convoluted logic in burnFaucetTokens

Rewards breakdown

nSLOC

157

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.