Submission Details
Impact:
Likelihood:
[L-1] Centralization Risk
[L-1] Centralization Risk
Description
-
Normal behavior: Administrative privileges should be limited and documented; owner-controlled actions must be intentional and auditable.
-
Specific issue: the contract exposes multiple
onlyOwnerfunctions (mint, burn, refill, pause) granting the owner broad control.
// @> owner-only functions
function mintFaucetTokens(address to, uint256 amount) public onlyOwner { ... }
function burnFaucetTokens(uint256 amountToBurn) public onlyOwner { ... }
function refillSepEth(uint256 amountToRefill) external payable onlyOwner { ... }
function toggleEthDripPause(bool _paused) external onlyOwner { ... }
Risk
Likelihood:Low
-
Owner will call admin functions during normal maintenance or upgrades.
-
Misuse occurs when owner keys are compromised or the owner acts maliciously.
Impact:Low
-
Owner can change token supply or drain/alter faucet behavior.
-
Centralization increases trust requirement on the owner.
Proof of Concept
// As owner: call mintFaucetTokens(...) or refillSepEth(...) to change state.
Recommended Mitigation
- // owner-only direct controls
- function mintFaucetTokens(address to, uint256 amount) public onlyOwner { ... }
- function toggleEthDripPause(bool _paused) external onlyOwner { ... }
+ // recommend multisig or timelock for dangerous admin functions
+ // e.g. restrict via a multisig or TimeLockController
Rewards breakdown
nSLOC
157This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.