Raisebox Faucet

First Flight #50

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: low

Invalid

Redundant parameter in refill function creates unnecessary complexity and potential user error

anchabadze

Description:

The refillSepEth() function contains an unnecessary parameter that creates redundant logic and increases the chance of user error:

function refillSepEth(uint256 amountToRefill) external payable onlyOwner {

require(amountToRefill > 0, "invalid eth amount");

require(msg.value == amountToRefill, "Refill amount must be same as value sent.");

emit SepEthRefilled(msg.sender, amountToRefill);

}

The function requires the caller to pass amountToRefill as a parameter, but then immediately enforces that this parameter must equal msg.value (the actual Sepolia ETH sent with the transaction). Since the function reverts if these values don't match, the parameter provides no functional value - msg.value already contains all the information needed.

The amountToRefill parameter is essentially forcing the caller to repeat information that's already available in msg.value.

Impact:

The owner must remember to pass the exact same value twice—once in the transaction value and once as a parameter. This is unintuitive and error-prone.

If the owner makes a mistake and the values don't match (e.g., refillSepEth{value: 1 ether}(0.5 ether)), the transaction reverts, wasting gas fees.

The equality check require(msg.value == amountToRefill, ...) consumes gas for a validation that provides no real security or functionality benefit.

The function appears more complex than necessary, making it harder to audit and understand. Reviewers might wonder if there's a hidden reason for the parameter, wasting audit time.

Recommended Mitigation:

Remove the amountToRefill parameter entirely and use msg.value directly:

/// @notice Refill Sepolia ETH into the faucet contract

function refillSepEth() external payable onlyOwner {

require(msg.value > 0, "Must send ETH");

emit SepEthRefilled(msg.sender, msg.value);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

157

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.