Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Unnecessary resetting of dailyDrips when the Sepolia ETH drip is paused or a user who has already claimed calls claim again

Root + Impact

Description

  • The function "claimFaucetTokens" resets the variable "dailyDrips" to 0 every time the Sepolia ETH drip is paused or the same user makes a second claim.
    This does not drip Sepolia ETH to that user again, but it greatly increases the total amount of Sepolia ETH dripped during a day: because dailyDrips is reset to 0, the ETH already dripped that day no longer counts, and the "dailySepEthCap" limit becomes harder to reach.

// Root cause in the codebase with @> marks to highlight the relevant section
if (!hasClaimedEth[faucetClaimer] && !sepEthDripsPaused) {
    uint256 currentDay = block.timestamp / 24 hours;
    if (currentDay > lastDripDay) {
        lastDripDay = currentDay;
        dailyDrips = 0;
        // dailyClaimCount = 0;
    }
    if (dailyDrips + sepEthAmountToDrip <= dailySepEthCap && address(this).balance >= sepEthAmountToDrip) {
        hasClaimedEth[faucetClaimer] = true;
        dailyDrips += sepEthAmountToDrip;
        (bool success,) = faucetClaimer.call{value: sepEthAmountToDrip}("");
        if (success) {
            emit SepEthDripped(faucetClaimer, sepEthAmountToDrip);
        } else {
            revert RaiseBoxFaucet_EthTransferFailed();
        }
    } else {
        emit SepEthDripSkipped(
            faucetClaimer,
            address(this).balance < sepEthAmountToDrip ? "Faucet out of ETH" : "Daily ETH cap reached"
        );
    }
} else {
    //@> why reset dailyDrips here? if the same user calls claimFaucetTokens multiple times after the first time, dailyDrips keeps getting reset to 0
    dailyDrips = 0;
}

Risk

Likelihood: High

  • This happens every time a user who has already claimed makes a second claim, or whenever claimFaucetTokens is called while the owner has paused the Sepolia ETH drip.

Impact: High

  • This increases the protocol's daily consumption of Sepolia ETH, potentially without bound, because the dailySepEthCap check no longer sees what was already dripped that day.

Proof of Concept

Scenario 1

1. Mallory (attacker) calls the function "claimFaucetTokens" for the first time and receives Sepolia ETH.

2. Three days later, after a number of other users have claimed and received Sepolia ETH that day, the attacker calls "claimFaucetTokens" a second time. The call enters the else branch and resets the variable "dailyDrips" to 0.

3. The protocol continues to drip Sepolia ETH to new claimers, so the actual amount of ETH dripped that day goes beyond the dailySepEthCap limit.


Scenario 2

1. Users make a number of "claimFaucetTokens" calls, which are counted in "dailyDrips".

2. For some reason the owner has to pause the Sepolia ETH drip. Every "claimFaucetTokens" call made while it is paused takes the else branch and resets the variable "dailyDrips" to 0.

3. The owner toggles the ETH drip back on and the protocol continues to drip Sepolia ETH, but the actual amount of ETH dripped that day goes beyond the dailySepEthCap limit.


Recommended Mitigation

if (!hasClaimedEth[faucetClaimer] && !sepEthDripsPaused) {
    uint256 currentDay = block.timestamp / 24 hours;
    //@audit, should move the below block into the first branch of the following if condition,
    //no need to reset lastDripDay/dailyDrips if no sepEth drip is going to happen
    if (currentDay > lastDripDay) {
        lastDripDay = currentDay;
        dailyDrips = 0;
        // dailyClaimCount = 0;
    }
    if (dailyDrips + sepEthAmountToDrip <= dailySepEthCap && address(this).balance >= sepEthAmountToDrip) {
        hasClaimedEth[faucetClaimer] = true;
        dailyDrips += sepEthAmountToDrip;
        (bool success,) = faucetClaimer.call{value: sepEthAmountToDrip}("");
        if (success) {
            emit SepEthDripped(faucetClaimer, sepEthAmountToDrip);
        } else {
            revert RaiseBoxFaucet_EthTransferFailed();
        }
    } else {
        emit SepEthDripSkipped(
            faucetClaimer,
            address(this).balance < sepEthAmountToDrip ? "Faucet out of ETH" : "Daily ETH cap reached"
        );
    }
// simply remove the "else" branch
-   } else {
-       dailyDrips = 0;
-   }
+   }
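Both proof-of-concept scenarios and the effect of removing the else branch, replayed in a small Python model. This is an added example, not code from the report or from the RaiseBox repository: it mirrors only the dailyDrips branches shown in the snippet above (with the else-branch reset switchable on or off), and the claimer names, the 1 ETH drip, the 5 ETH cap and the 100 ETH balance are constructed sample values. A per-day ground-truth ledger is kept alongside dailyDrips so the overshoot against dailySepEthCap is measured rather than inferred.

```python
# Added example (not part of the original report or the RaiseBox codebase): a
# Python model of the faucet's dailyDrips bookkeeping, with the else-branch
# reset switchable on (original logic) or off (else branch removed), used to
# replay the two scenarios above and measure what was really dripped per day.
from dataclasses import dataclass, field

DAY = 24 * 60 * 60            # matches the contract's block.timestamp / 24 hours
ETHER = 10**18                # wei; all amounts below are constructed sample values
SEP_ETH_AMOUNT_TO_DRIP = 1 * ETHER
DAILY_SEP_ETH_CAP = 5 * ETHER


@dataclass
class FaucetModel:
    """Mirrors the branches of claimFaucetTokens that touch dailyDrips."""
    reset_in_else_branch: bool                  # True = original logic, False = mitigated
    balance: int = 100 * ETHER                  # faucet ETH balance (constructed)
    sep_eth_drips_paused: bool = False
    daily_drips: int = 0
    last_drip_day: int = 0
    has_claimed_eth: dict = field(default_factory=dict)
    actually_dripped: dict = field(default_factory=dict)   # day -> wei, ground truth

    def claim(self, claimer: str, timestamp: int) -> str:
        current_day = timestamp // DAY
        if not self.has_claimed_eth.get(claimer) and not self.sep_eth_drips_paused:
            if current_day > self.last_drip_day:      # legitimate daily rollover
                self.last_drip_day = current_day
                self.daily_drips = 0
            if (self.daily_drips + SEP_ETH_AMOUNT_TO_DRIP <= DAILY_SEP_ETH_CAP
                    and self.balance >= SEP_ETH_AMOUNT_TO_DRIP):
                self.has_claimed_eth[claimer] = True
                self.daily_drips += SEP_ETH_AMOUNT_TO_DRIP
                self.balance -= SEP_ETH_AMOUNT_TO_DRIP
                self.actually_dripped[current_day] = (
                    self.actually_dripped.get(current_day, 0) + SEP_ETH_AMOUNT_TO_DRIP)
                return "dripped"                      # SepEthDripped
            return "skipped"                          # SepEthDripSkipped
        if self.reset_in_else_branch:
            self.daily_drips = 0                      # the reset the report flags
        return "no-eth-branch"


def run_scenario_1(vulnerable: bool) -> int:
    """Repeat claimer resets the counter mid-day; returns wei dripped on day 4."""
    f = FaucetModel(reset_in_else_branch=vulnerable)
    f.claim("mallory", 1 * DAY + 100)                 # day 1: first, legitimate drip
    day4 = 4 * DAY + 100
    for user in ["u1", "u2", "u3", "u4", "u5"]:       # day 4: 5 ETH cap reached
        f.claim(user, day4)
    assert f.claim("u6", day4) == "skipped"           # cap still enforced here
    f.claim("mallory", day4)                          # second claim: no ETH, but...
    for user in ["u6", "u7", "u8", "u9", "u10"]:      # ...these drip again if reset
        f.claim(user, day4)
    return f.actually_dripped[4]


def run_scenario_2(vulnerable: bool) -> int:
    """Pause/unpause cycle resets the counter; returns wei dripped on day 2."""
    f = FaucetModel(reset_in_else_branch=vulnerable)
    day2 = 2 * DAY + 100
    for user in ["u1", "u2", "u3"]:
        f.claim(user, day2)                           # 3 ETH counted so far
    f.sep_eth_drips_paused = True
    f.claim("u4", day2)                               # call while paused -> else branch
    f.sep_eth_drips_paused = False
    for user in ["u4", "u5", "u6", "u7", "u8"]:
        f.claim(user, day2)
    return f.actually_dripped[2]


if __name__ == "__main__":
    for name, run in (("scenario 1", run_scenario_1), ("scenario 2", run_scenario_2)):
        print(name, "original:", run(True) // ETHER, "ETH;",
              "else branch removed:", run(False) // ETHER, "ETH;",
              "cap:", DAILY_SEP_ETH_CAP // ETHER, "ETH")
```

With the original logic the model drips 10 ETH on day 4 in scenario 1 and 8 ETH on day 2 in scenario 2, both above the 5 ETH cap; with the else branch removed both days stop at exactly the cap. The same model can be extended to check any alternative fix, for example that a day rollover still resets dailyDrips when the first claim of a new day arrives at the cap.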
Updates

Lead Judging Commences

inallhonesty Lead Judge 13 days ago
Submission Judgement Published
Validated
Assigned finding tags:

dailyDrips Reset Bug
