Raisebox Faucet

First Flight #50

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Burn function transfers entire faucet balance instead of specified amount

anchabadze

Description:

The burnFaucetTokens() function contains a critical logic error where it transfers the entire token balance of the faucet contract to the owner, regardless of the amountToBurn parameter specified:

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {

require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");

// ❌ Transfers ENTIRE balance instead of amountToBurn

_transfer(address(this), msg.sender, balanceOf(address(this)));

// Only burns the specified amount

_burn(msg.sender, amountToBurn);

}

The function accepts amountToBurn as a parameter to control how many tokens should be burned, but the _transfer call uses balanceOf(address(this)) instead of amountToBurn. This means:

The entire faucet balance is transferred to the owner
Only amountToBurn tokens are burned from the owner's balance
The remaining tokens stay with the owner instead of remaining in the faucet

Example scenario:

Faucet contract holds: 1,000,000 tokens
Owner calls burnFaucetTokens(100000) intending to burn 100,000 tokens
Actual execution:
- Transfers 1,000,000 tokens to owner
- Burns 100,000 tokens from owner
- Result: Faucet has 0 tokens, Owner has 900,000 tokens
- Expected: Faucet has 900,000 tokens, 100,000 burned

Impact:

After the first call to burnFaucetTokens(), the faucet contract will have zero tokens remaining, making it unable to distribute tokens to users via claimFaucetTokens()

Recommended Mitigation:

Change the _transfer call to only transfer the amountToBurn parameter instead of the entire balance:

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {

require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");

// ✅ Transfer only the amount to be burned

_transfer(address(this), msg.sender, amountToBurn);

// Burn the specified amount

_burn(msg.sender, amountToBurn);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Unnecessary and convoluted logic in burnFaucetTokens

Rewards breakdown

nSLOC

157

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.