Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

Hardcoded Constructor Parameters

Root + Impact

Description

The constructor parameters ("raiseboxtoken", "RB", 1000 * 10 ** 18, 0.005 ether, 1 ether) are hardcoded. This limits flexibility and could lead to errors if the values need to change for different environments (e.g., testnet vs. mainnet).

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.30;

import {Script} from "forge-std/Script.sol";
import {RaiseBoxFaucet} from "../src/RaiseBoxFaucet.sol";

contract DeployRaiseboxContract is Script {
    RaiseBoxFaucet public raiseBox;

    function run() public {
        vm.startBroadcast();
        raiseBox = new RaiseBoxFaucet(
            "raiseboxtoken",
            "RB",
            1000 * 10 ** 18,
            0.005 ether,
            1 ether
        );
        vm.stopBroadcast();
    }
}

Risk

Impact:

Hardcoding makes it harder to reuse the script or adjust parameters without modifying the code, increasing the risk of deploying with incorrect values.

Proof of Concept

When the contract with hardcoded constructor parameters written for testnet is deployed on mainnet, the contract will be unusable.

raiseBox = new RaiseBoxFaucet(
    "raiseboxtoken",
    "RB",
    1000 * 10 ** 18,
    0.005 ether,
    1 ether
);

Recommended Mitigation

Recommendation: Use environment variables or a configuration file with Foundry (e.g., via vm.envUint, vm.envString) to pass parameters dynamically.

uint256 initialSupply = vm.envUint("INITIAL_SUPPLY");
uint256 fee = vm.envUint("FAUCET_FEE");
uint256 cap = vm.envUint("FAUCET_CAP");
raiseBox = new RaiseBoxFaucet(
    vm.envString("TOKEN_NAME"),
    vm.envString("TOKEN_SYMBOL"),
    initialSupply,
    fee,
    cap
);
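
The mitigation above as a complete deploy script, added here as an example (not part of the submission or the project's code). It reuses the environment variable names from the snippet; the contract name DeployRaiseboxFromEnv, the Params struct, the mainnet-only strictness and the non-zero checks are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.30;

import {Script, console} from "forge-std/Script.sol";
import {RaiseBoxFaucet} from "../src/RaiseBoxFaucet.sol";

// Added example: hypothetical script name, not the project's own deploy script.
contract DeployRaiseboxFromEnv is Script {
    struct Params {
        string name;
        string symbol;
        uint256 initialSupply;
        uint256 fee;
        uint256 cap;
    }

    function loadParams() internal view returns (Params memory p) {
        if (block.chainid == 1) {
            // Ethereum mainnet: vm.env* reverts when a variable is unset, so a
            // mainnet broadcast cannot silently fall back to testnet values.
            p.name = vm.envString("TOKEN_NAME");
            p.symbol = vm.envString("TOKEN_SYMBOL");
            p.initialSupply = vm.envUint("INITIAL_SUPPLY");
            p.fee = vm.envUint("FAUCET_FEE");
            p.cap = vm.envUint("FAUCET_CAP");
        } else {
            // Other chains: default to the values the original script hardcodes.
            p.name = vm.envOr("TOKEN_NAME", string("raiseboxtoken"));
            p.symbol = vm.envOr("TOKEN_SYMBOL", string("RB"));
            p.initialSupply = vm.envOr("INITIAL_SUPPLY", uint256(1000 * 10 ** 18));
            p.fee = vm.envOr("FAUCET_FEE", uint256(0.005 ether));
            p.cap = vm.envOr("FAUCET_CAP", uint256(1 ether));
        }
        // Assumed sanity checks: reject empty strings and zero amounts.
        require(bytes(p.name).length != 0 && bytes(p.symbol).length != 0, "empty name/symbol");
        require(p.initialSupply != 0 && p.fee != 0 && p.cap != 0, "zero parameter");
    }

    function run() public returns (RaiseBoxFaucet raiseBox) {
        Params memory p = loadParams();
        console.log("deploying RaiseBoxFaucet on chain id", block.chainid);
        vm.startBroadcast();
        raiseBox = new RaiseBoxFaucet(p.name, p.symbol, p.initialSupply, p.fee, p.cap);
        vm.stopBroadcast();
    }
}
```
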
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
