Root + Impact

Description

The claimFaucetTokens function is designed to allow users to claim tokens from the faucet when sufficient balance exists. Users should be able to claim tokens as long as the faucet balance is greater than or equal to the drip amount.

The specific issue is an incorrect comparison operator where the function uses <= instead of <, preventing the last user from claiming when the faucet balance exactly equals the drip amount.

Risk

Likelihood:

• Occurs naturally when faucet balance equals drip amount

• Happens to the last user attempting to claim

• No special conditions required

• Common scenario in normal operation

Impact:

• Last user cannot claim their entitled tokens

• Tokens remain locked in contract

• Poor user experience and trust issues

• Denial of service for legitimate claims

Proof of Concept

This test demonstrates how a valid claim is rejected when balance equals drip amount:

1. Setup: We give the faucet exactly 100 tokens (equal to faucetDrip)

2. Attempt: A user tries to claim tokens

3. Result: The transaction reverts with "Faucet is empty" despite sufficient balance

The exploit works because:

• The condition checks if balance <= faucetDrip

• When balance == faucetDrip, the condition evaluates to true

• This triggers the "Faucet is empty" revert

• The user cannot claim despite having exactly enough tokens

Recommended Mitigation

Change the comparison operator from <= to < to allow claims when the balance exactly equals the drip amount. This ensures the last user can claim their entitled tokens when sufficient balance exists.