Submission Details
Impact:
Likelihood:
[L-05] Refill Sepolia ETH with unnessary complexity
Refill Sepolia ETH with unnessary complexity
Description
-
Expected behaviour:
refillSepEth(uint256)should distinguish between public donations and and fundings by owner, but has the same effect of faucet gets ETH. -
Issue: Unnessary complexity by defining the amount to refill the faucet with ETH.
/// @notice Refill Sepolia ETH into the faucet contract
/// @param amountToRefill Amount of ETH being refilled (must equal msg.value)
function refillSepEth(uint256 amountToRefill) external payable onlyOwner {
@> require(amountToRefill > 0, "invalid eth amount");
@> require(msg.value == amountToRefill, "Refill amount must be same as value sent.");
emit SepEthRefilled(msg.sender, amountToRefill);
}
Risk
Impact:
-
Owner needs to make sure
msg.valueto exactly matchamountToRefillparameter. -
Gas inefficient
-
Higher deployment costs
Recommended Mitigation
Simply check for msg.value >0and accept ETH funding by owner.
- remove this code
+ add this code
+ error RaiseBoxFaucet__InvalidEthAmount();
/// @notice Refill Sepolia ETH into the faucet contract
- /// @param amountToRefill Amount of ETH being refilled (must equal msg.value)
- function refillSepEth(uint256 amountToRefill) external payable onlyOwner {
+ function refillSepEth() external payable onlyOwner {
- require(amountToRefill > 0, "invalid eth amount");
+ if(msg.value == 0) {
+ revert RaiseBoxFaucet__InvalidEthAmount();
+ }
- require(msg.value == amountToRefill, "Refill amount must be same as value sent.");
- emit SepEthRefilled(msg.sender, amountToRefill);
+ emit SepEthRefilled(msg.sender, msg.value);
}
Rewards breakdown
nSLOC
157This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.