Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
Submission Details
Severity: medium
Valid

Critical Logic Error in burnFaucetTokens Leads to Faucet Token Drain

  • The 'burnFaucetTokens' function is designed to burn a specified amount of tokens. It does this by sending tokens to the owner's wallet and then burning them from there.

  • The function contains an error in the transfer to the owner. Instead of sending the specified amount to be burnt, it sends the contract's whole token balance and then burns only the specified amount from the owner's account.

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {
    require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");
    // transfer faucet balance to owner first before burning
    // ensures owner has a balance before _burn (owner only function) can be called successfully
    _transfer(address(this), msg.sender, balanceOf(address(this)));
    _burn(msg.sender, amountToBurn);
}

Risk

Likelihood:

  • When the owner attempts to burn tokens

Impact:

  • The owner can effectively drain the contract, preventing future claims by participants. This is a direct DoS of the claim function, since no tokens are available for claiming at that moment.

Proof of Concept
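
An added example, not part of the original submission or the contest code base: a constructed minimal ledger that puts the reported transfer beside the mitigated one and asserts where the tokens end up after a burn. The names FaucetBurnModel, BurnAccountingCheck, burnAsReported, burnMitigated and the amounts are hypothetical, and _transfer/_burn are modelled as plain balance bookkeeping.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for the faucet token ledger (not the contest contract).
contract FaucetBurnModel {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    address public immutable owner;
    constructor(uint256 faucetSupply) {
        owner = msg.sender;
        balanceOf[address(this)] = faucetSupply; // faucet holds every claimable token
        totalSupply = faucetSupply;
    }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    function _transfer(address from, address to, uint256 value) internal {
        balanceOf[from] -= value; // checked arithmetic reverts on underflow
        balanceOf[to] += value;
    }
    function _burn(address from, uint256 value) internal {
        balanceOf[from] -= value;
        totalSupply -= value;
    }
    // As reported: the whole faucet balance moves to the owner, only amountToBurn is burned.
    function burnAsReported(uint256 amountToBurn) external onlyOwner {
        require(amountToBurn <= balanceOf[address(this)], "Faucet Token Balance: Insufficient");
        _transfer(address(this), msg.sender, balanceOf[address(this)]);
        _burn(msg.sender, amountToBurn);
    }
    // Mitigated: only amountToBurn leaves the faucet.
    function burnMitigated(uint256 amountToBurn) external onlyOwner {
        require(amountToBurn <= balanceOf[address(this)], "Faucet Token Balance: Insufficient");
        _transfer(address(this), msg.sender, amountToBurn);
        _burn(msg.sender, amountToBurn);
    }
}

// Deploys both variants with the same constructed supply; this contract is the owner.
contract BurnAccountingCheck {
    function run() external returns (bool) {
        FaucetBurnModel a = new FaucetBurnModel(1000e18);
        FaucetBurnModel b = new FaucetBurnModel(1000e18);
        a.burnAsReported(10e18);
        b.burnMitigated(10e18);
        // Reported form: faucet emptied, owner keeps the unburned remainder.
        assert(a.balanceOf(address(a)) == 0 && a.balanceOf(address(this)) == 990e18);
        // Mitigated form: faucet keeps the remainder, owner ends with nothing.
        assert(b.balanceOf(address(b)) == 990e18 && b.balanceOf(address(this)) == 0);
        return true;
    }
}
```

Both variants reduce totalSupply by the same amount, so a test that checks supply alone would not catch the defect; the faucet's own balance is the value to assert on.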

Recommended Mitigation

- _transfer(address(this), msg.sender, balanceOf(address(this)));
+ _transfer(address(this), msg.sender, amountToBurn;
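Review bot: the added line `_transfer(address(this), msg.sender, amountToBurn;` is missing its closing parenthesis and will not compile as written; it should end `amountToBurn);`. With that fixed, the transfer moves exactly the amount that the following `_burn(msg.sender, amountToBurn)` destroys, so the owner's balance is unchanged and the faucet keeps the rest. Consider also whether the transfer is needed at all: if `_burn` accepts the contract's own address, burning from `address(this)` directly would avoid routing tokens through the owner. A test asserting that the contract balance drops by exactly `amountToBurn` would guard against regression.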
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Unnecessary and convoluted logic in burnFaucetTokens
