Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
Submission Details
Impact: low
Likelihood: low
Invalid

Dead Code Remnants in `RaiseBoxFaucet::claimFaucetTokens`

Root + Impact

Description

In the `claimFaucetTokens` function, the first dead code appears immediately after setting `faucetClaimer = msg.sender;` in the checks section. The line `(lastClaimTime[faucetClaimer] == 0);` appears to have been intended as a check for first-time claims but lacks any conditional logic or action, rendering it inert even if uncommented. The existing cooldown check already handles first-time claims correctly (default `lastClaimTime` of 0 allows the claim to pass), making this remnant obsolete.

The second dead code is in the ETH drip reset block, where `// dailyClaimCount = 0;` follows the daily drip reset. This was likely meant to reset the token claim count alongside ETH drips but was commented out, possibly due to the separate reset logic later in the function using `lastFaucetDripDay`. As a result, it performs no action and duplicates intent without effect.

These lines, while commented out, contribute to code bloat and could confuse developers into thinking special handling exists where none does.

```solidity
// @> Root cause in the codebase (first dead code)
faucetClaimer = msg.sender;
// @> Dead code: Incomplete first-time claim check
@> // (lastClaimTime[faucetClaimer] == 0);
if (block.timestamp < (lastClaimTime[faucetClaimer] + CLAIM_COOLDOWN)) {
    revert RaiseBoxFaucet_ClaimCooldownOn();
}
// Later in ETH drip section (second dead code)
if (currentDay > lastDripDay) {
    lastDripDay = currentDay;
    dailyDrips = 0;
    // @> Dead code: Unused claim count reset (handled elsewhere)
@>  // dailyClaimCount = 0;
}
```

Risk

Likelihood:

  • Low: Dead code does not execute and has no functional impact, but developers or auditors may encounter it during reviews.

  • It becomes more likely to cause issues during code refactoring if the lines are uncommented accidentally.

Impact:

  • Low: No security or runtime effects, but it degrades code quality, potentially leading to misinterpretation of logic (e.g., assuming first-time claims need special handling).

  • Maintenance overhead increases slightly, as clutter slows down comprehension without providing value.

Proof of Concept

These lines are inert and can be safely removed without altering behavior. The first handles a non-existent first-time check (redundant with cooldown logic), and the second duplicates a reset managed by lastFaucetDripDay. To verify, the function executes identically with or without them, as confirmed by unit tests covering first claims and daily resets.

No specific test is needed beyond existing coverage, but adding a comment or diff in mitigation demonstrates no change in outcomes.

Recommended Mitigation

Remove both commented lines to clean up the codebase and eliminate confusion. This aligns with best practices for removing dead code during audits.

// In checks section:
faucetClaimer = msg.sender;
- // (lastClaimTime[faucetClaimer] == 0);
if (block.timestamp < (lastClaimTime[faucetClaimer] + CLAIM_COOLDOWN)) {
revert RaiseBoxFaucet_ClaimCooldownOn();
}
// In ETH drip reset section:
if (currentDay > lastDripDay) {
lastDripDay = currentDay;
dailyDrips = 0;
- // dailyClaimCount = 0;
}
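
Review bot: at `- // dailyClaimCount = 0;`, the removal rests on the description's statement that the claim count is reset later in the function under `lastFaucetDripDay`, but that code is not part of this diff, and the block being edited is keyed on `lastDripDay` instead. Before deleting the comment, cite the line that actually resets `dailyClaimCount`, or add a test asserting the count returns to 0 on a new day, so the change is shown to be behaviour-neutral rather than assumed. The same applies to the first removal: a test that an address with no prior claim passes the `CLAIM_COOLDOWN` check would back the claim that no first-time handling is needed.
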
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
