Raisebox Faucet

First Flight #50

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: medium

Invalid

# Root + Impact – Inefficient Validation Logic in `refillSepEth`

vishal772pixel

Root + Impact – Inefficient Validation Logic in `refillSepEth`

Description

Normal behavior:
The refillSepEth() function should validate input conditions before accepting Sepolia ETH refills from the contract owner.
Specifically:
- amountToRefill > 0
- msg.value == amountToRefill
Issue:
The current implementation uses require statements with string error messages, which are less gas efficient than using if conditions combined with custom errors (introduced in Solidity 0.8.4).

Example of current code:

require(amountToRefill > 0, "invalid eth amount");
require(msg.value == amountToRefill, "Refill amount must be same as value sent.");
Example of proposed alternative:

if (amountToRefill == 0) revert RaiseBoxFaucet_InvalidEthAmount();
if (msg.value != amountToRefill) revert RaiseBoxFaucet_RefillAmountShouldBeSameAsValueSent();
Why?
- require(..., "error message") stores a full string in contract bytecode, increasing deployment cost.
- if (...) revert CustomError() encodes errors more efficiently, saving runtime gas.

Risk

Likelihood: High (always executed since validation is mandatory).
Impact: Medium (this does not break functionality but increases gas cost for every refill).

Each refill call incurs higher gas usage.
On mainnet or with frequent refills, costs add up.
Not exploitable by attackers — but still suboptimal design.

Proof of Concept

// Current (require):

require(amountToRefill > 0, "invalid eth amount");

// Gas overhead: includes storing + returning full error string

// Proposed (custom errors):

if (amountToRefill == 0) revert RaiseBoxFaucet_InvalidEthAmount();

// Gas savings: avoids string literals in bytecode, cheaper revert payload

Recommended Mitigation

Replace require with if + revert CustomError for all input validation:

- require(amountToRefill > 0, "invalid eth amount");

- require(msg.value == amountToRefill, "Refill amount must be same as value sent.");

+ if (amountToRefill == 0) revert RaiseBoxFaucet_InvalidEthAmount();

+ if (msg.value != amountToRefill) revert RaiseBoxFaucet_RefillAmountShouldBeSameAsValueSent();

This ensures gas efficiency while preserving functionality and security guarantees.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

157

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.