Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: medium
Invalid

Missing Event Emission for Daily Claim Limit Adjustment in `RaiseBoxFaucet::adjustDailyClaimLimit`

Root + Impact

Description

The adjustDailyClaimLimit function allows the contract owner to modify the dailyClaimLimit by either increasing or decreasing it based on the increaseClaimLimit parameter. Despite altering a critical state variable, the function does not emit an event to log this change. This makes it challenging for off-chain systems, such as dashboards, analytics tools, or indexers, to detect and reflect updates to the daily claim limit.

```solidity
function adjustDailyClaimLimit(uint256 by, bool increaseClaimLimit) public onlyOwner {
    if (increaseClaimLimit) {
        dailyClaimLimit += by;
    } else {
        if (by > dailyClaimLimit) {
            revert RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy();
        }
        dailyClaimLimit -= by;
    }
@>  // @audit - missing event here
}
```

Risk

Likelihood:

  • If other state-changing functions (e.g., claimFaucetTokens) emit events that indirectly allow tracking of claim activity, the lack of a custom event in adjustDailyClaimLimit has minimal impact, as some information may still be inferred.

  • If no related events are emitted elsewhere, or if off-chain systems specifically rely on dailyClaimLimit updates, the likelihood of issues increases, as these systems cannot track changes to the claim limit.

Impact:

  • Without events, off-chain applications may fail to track changes to the daily claim limit, leading to reduced transparency and potential user confusion.

  • Lack of a clear, custom event makes it difficult for dApps, analytics tools, and indexers to distinguish limit adjustments from other state changes.

Proof of Concept

  • In Solidity, events are a critical mechanism for logging state changes, enabling off-chain applications (e.g., The Graph, Etherscan, or dApps) to monitor and react to updates efficiently.

  • For administrative functions that modify key parameters like dailyClaimLimit, emitting a custom event is a best practice. It provides explicit context, making it easier for indexers and analytics platforms to track changes and distinguish them from other state updates.

  • Without an event, tracking relies on polling storage variables, which is inefficient, costly, and prone to delays or errors in real-time applications.
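
An added illustration of the polling problem described above (not part of the original submission or the RaiseBoxFaucet code): a Python model of `adjustDailyClaimLimit` that records the `DailyClaimLimitAdjusted` event proposed under Recommended Mitigation and compares what a storage poller and an event consumer observe. The starting limit, block numbers, amounts and polling interval are constructed for the example.

```python
"""Model of adjustDailyClaimLimit with the proposed event, compared with storage polling."""


class FaucetModel:
    """Python stand-in for the two branches of adjustDailyClaimLimit (not the contract)."""

    def __init__(self, daily_claim_limit):
        self.daily_claim_limit = daily_claim_limit
        self.logs = []  # (block, new_limit, increased), mirrors DailyClaimLimitAdjusted

    def adjust(self, block, by, increase):
        if increase:
            self.daily_claim_limit += by
        else:
            if by > self.daily_claim_limit:
                raise ValueError("RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy")
            self.daily_claim_limit -= by
        self.logs.append((block, self.daily_claim_limit, increase))


def replay(initial_limit, adjustments, last_block, poll_every):
    """Return (changes a storage poller records, events an indexer receives)."""
    faucet = FaucetModel(initial_limit)
    by_block = {}
    for block, by, increase in adjustments:
        by_block.setdefault(block, []).append((by, increase))
    polled, last_seen = [], initial_limit
    for block in range(1, last_block + 1):
        for by, increase in by_block.get(block, []):
            faucet.adjust(block, by, increase)
        # The poller reads storage only at its sampling blocks.
        if block % poll_every == 0 and faucet.daily_claim_limit != last_seen:
            polled.append((block, faucet.daily_claim_limit))
            last_seen = faucet.daily_claim_limit
    return polled, faucet.logs


# Constructed scenario: owner calls at blocks 3, 7 and 12; poller samples every 10 blocks.
ADJUSTMENTS = [(3, 400, True), (7, 400, False), (12, 50, True)]

if __name__ == "__main__":
    polled, events = replay(100, ADJUSTMENTS, last_block=20, poll_every=10)
    print("poller saw:", polled)
    print("events saw:", events)
```

The poller records a single change, eight blocks late, and never sees the limit sitting at 500 between blocks 3 and 7; the event log has one entry per call.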

Recommended Mitigation

Add a custom event, DailyClaimLimitAdjusted, and emit it at the end of the adjustDailyClaimLimit function to log the new limit and the direction of the change (increase or decrease). This improves traceability, enhances integration with off-chain systems, and ensures better transparency.

+ event DailyClaimLimitAdjusted(uint256 newLimit, bool increased);
.
.
.
function adjustDailyClaimLimit(uint256 by, bool increaseClaimLimit) public onlyOwner {
if (increaseClaimLimit) {
dailyClaimLimit += by;
} else {
if (by > dailyClaimLimit) {
revert RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy();
}
dailyClaimLimit -= by;
}
+ emit DailyClaimLimitAdjusted(dailyClaimLimit, increaseClaimLimit);
}
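
Review bot: the event declared on the first `+` line carries only `newLimit` and the caller's `increaseClaimLimit` flag, so a consumer cannot tell how far the limit moved without remembering the previous value, and a call with `by == 0` emits an event although nothing changed. Consider reading the old value before the `if` and emitting `DailyClaimLimitAdjusted(oldLimit, dailyClaimLimit)`, which makes the bool redundant, and add a one-line NatSpec comment on the event describing its fields.
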
Updates

Lead Judging Commences

inallhonesty Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
