Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

No check for zero amount in burnFaucetTokens

Low: Missing zero amount check

Description

The function burnFaucetTokens can be called with a zero amount.

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {
    // @> Missing check for zero amount
    require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");
    // transfer faucet balance to owner first before burning
    // ensures owner has a balance before _burn (owner only function) can be called successfully
    _transfer(address(this), msg.sender, balanceOf(address(this)));
    _burn(msg.sender, amountToBurn);
}

Risk

Likelihood: Low

Edge case in which zero is mistakenly sent as the amount.

Impact:

Can cause confusion in edge cases when zero is sent and no revert occurs.

Proof of Concept

The function does not revert when zero is passed as amountToBurn.

function testBurnFaucetTokens() public {
    uint256 amountToBurn = 0;
    // call with 0 amount and no revert happens
    vm.prank(owner);
    raiseBoxFaucet.burnFaucetTokens(amountToBurn);
}

Recommended Mitigation

Add a check for zero amount.

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {
+ require(amountToBurn > 0, "Zero amount not allowed");
require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");
// transfer faucet balance to owner first before burning
// ensures owner has a balance before _burn (owner only function) can be called successfully
_transfer(address(this), msg.sender, balanceOf(address(this)));
_burn(msg.sender, amountToBurn);
}
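
Review bot: In the unchanged context of this hunk, _transfer(address(this), msg.sender, balanceOf(address(this))) moves the faucet's whole balance to the owner while _burn removes only amountToBurn, so the new amountToBurn > 0 check does not stop a call with a small nonzero amount from leaving the rest of the balance with the owner. If that is not intended, transfer amountToBurn instead of balanceOf(address(this)). The added require should also come with a test that uses vm.expectRevert for the zero case, since the proof of concept above only shows the call succeeding.
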
Updates

Lead Judging Commences

inallhonesty Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity