Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: medium
Invalid

Critical: Daily ETH Drip Counter Reset Bug Allows Unlimited ETH Drain, Minting Function Logic Bug, Reentrancy in ETH Transfer, Timestamp Arithmetic / Day Rollover Bug, Gas Optimization — Unused State Variable

Root + Impact

Description


### 1. **CRITICAL: Daily ETH Drip Counter Reset Bug**
**Severity: CRITICAL**
**Description:** The `dailyDrips` counter is incorrectly reset to 0 when ETH drips are paused or skipped, allowing unlimited ETH distribution after the pause is lifted.
**Location:** `claimFaucetTokens()` lines 212-213
**Vulnerable Code:**
```solidity
} else {
    dailyDrips = 0; // ❌ BUG: Resets daily counter incorrectly
}
```
**Impact:** Attackers can drain the contract's ETH balance by manipulating the pause state and bypassing daily ETH caps.
**Proof of Concept:**
1. Attacker claims ETH normally
2. Owner pauses ETH drips
3. Another user claims (triggers reset bug)
4. Owner unpauses ETH drips
5. Attacker claims again and receives ETH despite daily limit
**Fix:**
```solidity
} else {
    // Remove the incorrect reset - only reset on new day
    emit SepEthDripSkipped(faucetClaimer, "ETH drip paused or already claimed");
}
```
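The pause/unpause sequence above, replayed against a small Python model of the drip accounting (an added example written for this page, not the faucet's own code): only `dailyDrips` and `hasClaimedEth` are names taken from the report; the drip size, the daily cap, the pause flag and the claimer addresses are assumptions, and distinct claimers are used because the model refuses repeat claims per address. The buggy variant pays out beyond the daily cap once the pause is lifted; the fixed variant holds the cap.

```python
"""Toy model of the faucet's daily ETH-drip accounting (constructed example)."""
from dataclasses import dataclass, field

DRIP = 10**16          # assumed drip size: 0.01 ETH per claim
DAILY_CAP = 2 * DRIP   # assumed daily ETH cap: two drips per day


@dataclass
class FaucetModel:
    reset_on_skip: bool                  # True reproduces the report's bug
    daily_drips: int = 0                 # mirrors `dailyDrips`
    has_claimed_eth: set = field(default_factory=set)  # mirrors `hasClaimedEth`
    eth_paused: bool = False             # owner pause flag (assumed name)
    balance: int = 10 * DRIP             # assumed faucet ETH balance

    def claim(self, claimer: str) -> bool:
        """Return True if ETH was dripped to `claimer`, False if skipped."""
        can_drip = (not self.eth_paused
                    and claimer not in self.has_claimed_eth
                    and self.daily_drips + DRIP <= DAILY_CAP)
        if can_drip:
            # effects before the (simulated) transfer, as in the report's CEI fix
            self.has_claimed_eth.add(claimer)
            self.daily_drips += DRIP
            self.balance -= DRIP
            return True
        if self.reset_on_skip:
            self.daily_drips = 0   # the bug: a skipped claim wipes the day's total
        return False


def run_pause_scenario(reset_on_skip: bool) -> int:
    """Replay the report's pause/unpause sequence; return ETH dripped that day."""
    f = FaucetModel(reset_on_skip=reset_on_skip)
    dripped = 0
    dripped += DRIP if f.claim("alice") else 0   # normal claim
    dripped += DRIP if f.claim("bob") else 0     # cap now reached
    f.eth_paused = True                          # owner pauses ETH drips
    f.claim("carol")                             # skipped; buggy path resets counter
    f.eth_paused = False                         # owner unpauses
    dripped += DRIP if f.claim("dave") else 0    # cap should refuse this one
    return dripped


if __name__ == "__main__":
    print("buggy model dripped:", run_pause_scenario(True) / 1e18, "ETH")
    print("fixed model dripped:", run_pause_scenario(False) / 1e18, "ETH")
```

A regression test for the real contract would assert the same invariant: the ETH paid out between two day rollovers never exceeds the cap, regardless of how many skipped claims occur in between.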
### 2. **CRITICAL: Minting Function Logic Bug**
**Severity: CRITICAL**
**Description:** The `mintFaucetTokens` function has inverted logic that prevents minting when balance is above threshold instead of when it's below threshold.
**Location:** `mintFaucetTokens()` line 114
**Vulnerable Code:**
```solidity
if (balanceOf(address(to)) > 1000 * 10 ** 18) {
revert RaiseBoxFaucet_FaucetNotOutOfTokens(); // ❌ BUG: Wrong condition
}
```
**Impact:** Owner can mint unlimited tokens even when the contract has sufficient balance, leading to inflation and economic manipulation.
**Fix:**
```solidity
if (balanceOf(address(to)) >= MINT_THRESHOLD) {
revert RaiseBoxFaucet_FaucetNotOutOfTokens();
}
```
### 3. **MEDIUM: Reentrancy Vulnerability in ETH Transfer**
**Severity: MEDIUM**
**Description:** The contract performs external ETH transfer before updating state variables, violating the Checks-Effects-Interactions pattern.
**Location:** `claimFaucetTokens()` lines 198-204
**Vulnerable Code:**
```solidity
(bool success,) = faucetClaimer.call{value: sepEthAmountToDrip}(""); // ❌ External call first
if (success) {
emit SepEthDripped(faucetClaimer, sepEthAmountToDrip); // ❌ State update after
}
```
**Impact:** Potential reentrancy attacks could drain ETH or manipulate contract state.
**Fix:**
```solidity
// Update state first, then external call (CEI pattern)
hasClaimedEth[faucetClaimer] = true;
dailyDrips += sepEthAmountToDrip;
(bool success,) = faucetClaimer.call{value: sepEthAmountToDrip}("");
if (!success) {
    // Revert state changes if transfer fails
    hasClaimedEth[faucetClaimer] = false;
    dailyDrips -= sepEthAmountToDrip;
    revert RaiseBoxFaucet_EthTransferFailed();
}
```
### 4. **MEDIUM: Integer Overflow/Underflow in Daily Claim Logic**
**Severity: MEDIUM**
**Description:** The daily claim count reset logic uses timestamp arithmetic that can underflow and cause incorrect day calculations.
**Location:** `claimFaucetTokens()` lines 220-223
**Vulnerable Code:**
```solidity
if (block.timestamp > lastFaucetDripDay + 1 days) { // ❌ Can underflow
lastFaucetDripDay = block.timestamp;
dailyClaimCount = 0;
}
```
**Impact:** Users might bypass daily limits or experience unexpected claim behavior due to timestamp manipulation.
**Fix:**
```solidity
// Use proper day calculation to prevent underflow
uint256 currentFaucetDay = block.timestamp / SECONDS_PER_DAY;
if (currentFaucetDay > (lastFaucetDripDay / SECONDS_PER_DAY)) {
    lastFaucetDripDay = block.timestamp;
    dailyClaimCount = 0;
}
```
### 5. **LOW: Gas Optimization - Unnecessary State Variable**
**Severity: LOW**
**Description:** The `blockTime` state variable is set but never used, wasting gas on deployment and storage.
**Location:** Line 42
**Vulnerable Code:**
```solidity
uint256 public blockTime = block.timestamp; // ❌ Never used
```
**Impact:** Increased deployment costs and unnecessary storage usage.
**Fix:**
```solidity
// Remove the unused variable entirely
// uint256 public blockTime = block.timestamp; // DELETE THIS LINE
```
Updates

Lead Judging Commences

inallhonesty Lead Judge 18 days ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
