Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

The `RaiseBoxFaucet` contract lacks a native currency withdrawal function for the owner in case of an emergency, potentially leading to the loss of funds.

Root + Impact

Description

The `RaiseBoxFaucet` contract, which receives and distributes Sepolia ETH, has no admin function to withdraw that ETH in an emergency that requires redeploying the contract and funding the new contract.

Risk

Likelihood:

  • Any emergency or denial of service (DoS) that might require contract redeployment and funds migration.

Impact:

  • Loss of funds if an emergency requires redeploying the contract and funding the new contract.

Proof of Concept

One possible cause of such an emergency is described in another finding: the `faucetDrip` value is set incorrectly during deployment, which breaks the contract's functionality.

Recommended Mitigation

Consider adding a `RaiseBoxFaucet::withdrawNativeFunds` function to allow the owner to withdraw or transfer Sepolia ETH in case of an emergency.

+ function withdrawNativeFunds(addess receiver) external onlyOwner {
+ payable(recipient).call{value: address(this).balance}("");
+ }
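
Review bot: the signature line declares the parameter as `addess receiver` while the body sends to `recipient`, so the function does not compile as written; use the type `address` and a single parameter name in both places. The return value of the low-level `call` on the second line is discarded, so a failed transfer would pass silently: capture it as `(bool ok, )` and revert when `ok` is false. Since the whole of `address(this).balance` goes out in one call, also reject a zero `receiver` before sending.
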
Updates

Lead Judging Commences

inallhonesty Lead Judge 13 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
