Raisebox Faucet

First Flight #50
Beginner Friendly
Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: low
Invalid

Owner Can Accidentally Zero Out Daily Claim Limit, Blocking All Future Token Claims

Missing safeguard in adjustDailyClaimLimit permits dailyClaimLimit to reach zero via exact subtraction, enabling permanent DoS on new claims until manual owner recovery

Description

  • The RaiseBoxFaucet::adjustDailyClaimLimit function allows the owner to fine-tune the dailyClaimLimit — the maximum number of daily token claims — by adding or subtracting a specified amount (by).

  • While intended for flexibility, the decrease branch only reverts when by exceeds the current limit, so an exact match (by == dailyClaimLimit) is accepted. That sets dailyClaimLimit to zero, after which every RaiseBoxFaucet::claimFaucetTokens call reverts immediately on the check if (dailyClaimCount >= dailyClaimLimit) performed before the daily reset: because dailyClaimCount is a uint256, the condition holds for every value of the counter, including zero. No new claims succeed, effectively DoS-ing the faucet for token distribution until the owner notices and intervenes.

    function adjustDailyClaimLimit(uint256 by, bool increaseClaimLimit) public onlyOwner {
        if (increaseClaimLimit) {
            dailyClaimLimit += by;
        } else {
    @>      if (by > dailyClaimLimit) { // Only rejects a by strictly greater than dailyClaimLimit
                revert RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy();
            }
    @>      dailyClaimLimit -= by; // by == dailyClaimLimit passes the check and sets the limit to 0
        }
    }

Risk

Likelihood: Low

  • Requires deliberate owner action (e.g., passing the exact current limit with increaseClaimLimit set to false), so malicious intent is unlikely while the owner is benevolent.

  • However, accidental triggers are plausible through human error (e.g., a copy-paste mistake in a frontend dashboard) or automated scripts with flawed parameters. Or worse, a compromised owner key.

Impact: Medium

  • It would prevent all new token claims, which could lead to frustration among users and a loss of trust in the protocol. However, it does not lead to a loss of funds or tokens.

  • The owner can still increase the dailyClaimLimit again to allow new claims, but it requires manual intervention.

Proof of Concept

  • Add this test case to the existing RaiseBoxFaucet.t.sol file:

    function test__OwnerCanSetDailyClaimLimitToZero() public {
        // Setup
        vm.prank(owner);
        RaiseBoxFaucet raiseBox = new RaiseBoxFaucet(
            "raiseBoxFaucet",
            "RBF",
            1000 * 10 ** 18,
            0.005 ether,
            1 ether
        );
        uint256 currentDailyClaimLimit = raiseBox.dailyClaimLimit();
        console.log("Initial Daily Claim Limit:", currentDailyClaimLimit);

        // Owner passes the current daily claim limit as the decrease amount
        vm.prank(owner);
        raiseBox.adjustDailyClaimLimit(currentDailyClaimLimit, false); // Does not revert
        console.log("Daily Claim Limit after setting it to the same value:", raiseBox.dailyClaimLimit());

        // Any user now fails to claim
        vm.prank(user1);
        vm.expectRevert();
        raiseBox.claimFaucetTokens(); // Reverts: dailyClaimCount >= 0 is always true
    }

  • Run the above test using the following command:

    forge test --mt test__OwnerCanSetDailyClaimLimitToZero -vv

  • Logs:

    Ran 1 test for test/RaiseBoxFaucet.t.sol:TestRaiseBoxFaucet
    [PASS] test__OwnerCanSetDailyClaimLimitToZero() (gas: 2329022)
    Logs:
      Initial Daily Claim Limit: 100
      Daily Claim Limit after setting it to the same value: 0

    Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 9.87ms (1.22ms CPU time)

Recommended Mitigation

The adjustDailyClaimLimit function should reject any decrease that would leave dailyClaimLimit at zero. When decreasing, require that by is strictly less than the current limit, so the resulting limit is always greater than zero.

function adjustDailyClaimLimit(uint256 by, bool increaseClaimLimit) public onlyOwner {
if (increaseClaimLimit) {
dailyClaimLimit += by;
} else {
- if (by > dailyClaimLimit) {
+ if (by >= dailyClaimLimit) {
revert RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy();
}
dailyClaimLimit -= by;
}
}
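
Review bot: with the `+` line changing the condition to `by >= dailyClaimLimit`, the error `RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy` no longer describes what it reports, because it now also fires when the current limit equals `by`. Consider a dedicated error for the equal case (for example a hypothetical `RaiseBoxFaucet_ClaimLimitCannotBeZero`) or a rename, so that users and off-chain tooling reading the revert get the accurate reason, and pair the change with a regression test that decreases by the exact current limit.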
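
A Foundry regression test for the mitigated check, added here as an example and not part of the original submission or the RaiseBoxFaucet codebase. ClaimLimitHarness is a hypothetical stand-in that models only dailyClaimLimit and the fixed decrease path; it assumes forge-std is available and omits onlyOwner so the tests focus on the boundary.

```solidity
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for RaiseBoxFaucet: only the limit state and the mitigated
// decrease check (by >= dailyClaimLimit reverts) are modelled; onlyOwner is omitted.
contract ClaimLimitHarness {
    error RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy();
    uint256 public dailyClaimLimit = 100; // initial value seen in the PoC logs

    function adjustDailyClaimLimit(uint256 by, bool increaseClaimLimit) public {
        if (increaseClaimLimit) {
            dailyClaimLimit += by;
        } else {
            // An exact match now reverts too, so the limit can never reach zero.
            if (by >= dailyClaimLimit) revert RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy();
            dailyClaimLimit -= by;
        }
    }
}

contract ClaimLimitHarnessTest is Test {
    ClaimLimitHarness harness;

    function setUp() public {
        harness = new ClaimLimitHarness();
    }

    // Boundary: decreasing by the exact limit reverts; decreasing by one less
    // leaves the smallest usable limit (1) instead of zero.
    function test_DecreaseByExactLimitReverts() public {
        uint256 limit = harness.dailyClaimLimit();
        vm.expectRevert(ClaimLimitHarness.RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy.selector);
        harness.adjustDailyClaimLimit(limit, false);
        harness.adjustDailyClaimLimit(limit - 1, false);
        assertEq(harness.dailyClaimLimit(), 1);
    }

    // Fuzz: for every decrease amount up to the current limit, the call either
    // reverts or leaves the limit strictly positive, so claims cannot be bricked.
    function testFuzz_LimitNeverZeroAfterDecrease(uint256 by) public {
        uint256 limit = harness.dailyClaimLimit();
        by = bound(by, 0, limit);
        if (by == limit) {
            vm.expectRevert(ClaimLimitHarness.RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy.selector);
        }
        harness.adjustDailyClaimLimit(by, false);
        assertGt(harness.dailyClaimLimit(), 0);
    }
}
```

Running the same two tests against the unmitigated `>` check makes the fuzz case fail at by == limit, which is the boundary this finding is about.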
Updates

Lead Judging Commences

inallhonesty Lead Judge 17 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
