Locked Faucet Balance Due to Incorrect Comparison Operator in Token Balance Check
Root + Impact
Description
Normal behavior:
The claimFaucetTokens() function should allow users to claim tokens as long as the faucet contract holds a sufficient token balance equal to or greater than the drip amount (faucetDrip). When the faucet’s remaining token balance exactly equals the claim amount, the claim should succeed, and the faucet should become empty.
Issue:
The current implementation uses the condition balanceOf(address(this)) <= faucetDrip, which incorrectly reverts when the contract balance is exactly equal to the claim amount. As a result, the faucet can become permanently locked with a remaining token balance equal to faucetDrip, preventing the final legitimate claim from being executed.
Risk
Likelihood:
-
This occurs every time the faucet token balance is exactly equal to the
faucetDripamount. -
The condition will be met naturally as the faucet balance depletes over time through normal usage.
Impact:
-
The faucet becomes permanently locked with a leftover token balance equal to one full drip.
-
Final users are unable to claim tokens, resulting in poor user experience and inefficient token utilization.
Proof of Concept
Recommended Mitigation
Changing the condition to < allows the last valid claim to execute successfully when the faucet’s token balance equals the drip amount, preventing unnecessary token locking and improving contract usability.
Lead Judging Commences
Off-by-one error in `claimFaucetTokens` prevents claiming when the balance is exactly equal to faucetDrip
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.