Raisebox Faucet
First Flight #50
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: high
Invalid

ETH drip claim permanently locked after first claim

eze001

Root + Impact

Description

Expected behavior:
Faucet should allow ETH drip for first claim per 3-day cycle.

Actual behavior:

hasClaimedEth permanently blocks ETH drip after first use.

Risk

Likelihood:

  • occurs for every user.

Impact:

  • Users never receive ETH again, even after days reset.

Proof of Concept

See your previous scenario in which hasClaimedEth prevents any future drips

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;


interface IFaucet {

function claimFaucetTokens() external;

}


contract FaucetClaimPoC {

IFaucet public faucet;

address public owner;


constructor(address _faucet) {

faucet = IFaucet(_faucet);

owner = msg.sender;

}


receive() external payable {}


function claimOnce() external {

// First claim — should receive ETH

faucet.claimFaucetTokens();

}


function claimAgainAfterDelay() external {

// Call again after delay (simulate passing time)

faucet.claimFaucetTokens(); // This will NOT send ETH again, due to permanent lock

}


function withdraw() external {

require(msg.sender == owner, "Not owner");

payable(owner).transfer(a

ddress(this).balance);

}

}

Recommended Mitigation

Reset daily claim per cycle

- mapping(address => bool) hasClaimedEth;
+ mapping(address => uint256) lastEthClaimDay;
Updates

Lead Judging Commences

inallhonesty Lead Judge 9 days ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.