Raisebox Faucet

First Flight #50

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Owner can mint tokens unlimitly

cryptomv3

Owner can mint tokens unlimitly

Description

When the owner burns faucet tokens, the contract sends them to the owner address from the contract balance.
Next, the owner can mint the faucet tokens unlimitly by exec burn->mint->burn->... functions, since mintFaucetTokens() only checks the contract balance, not the total number of tokens already minted.

Risk

Likelihood:

This will occur when the owner performs the functions burnFaucetTokens()->mintFaucetTokens()->burnFaucetTokens()->... functions

Impact:

The owner can accumulate an infinite number of faucet tokens at his address.

Proof of Concept

The owner can mint the faucet tokens unlimitly by exec mintFaucetTokens()->burnFaucetTokens()->... functions.

function testMintUnlimitedTokens() public {

uint256 count = 10;

console.log("Owner balance:", raiseBoxFaucet.balanceOf(owner));

vm.startPrank(owner);

for (uint256 i = 0; i < count; i++) {

raiseBoxFaucet.burnFaucetTokens(0);

raiseBoxFaucet.mintFaucetTokens(raiseBoxFaucetContractAddress, INITIAL_SUPPLY_MINTED);

console.log("Owner balance:", raiseBoxFaucet.balanceOf(owner));

}

vm.stopPrank();

assertEq(raiseBoxFaucet.balanceOf(owner), INITIAL_SUPPLY_MINTED * count);

}

Recommended Mitigation

Make a genuine burn function without transferring ownership to the owner by remove the _transfer(address(this), msg.sender, balanceOf(address(this))); row.

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {

require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");

// transfer faucet balance to owner first before burning

// ensures owner has a balance before _burn (owner only function) can be called successfully

- _transfer(address(this), msg.sender, balanceOf(address(this)));

_burn(msg.sender, amountToBurn);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 14 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Unnecessary and convoluted logic in burnFaucetTokens

Rewards breakdown

nSLOC

157

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.