Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high

Critical compile / logical errors with Ownable usage

Description

The code misuses Ownable in multiple places:

  • Constructor calls Ownable(msg.sender):

    constructor(...) ERC20(name_, symbol_) Ownable(msg.sender) {

OpenZeppelin Ownable (standard) has no constructor argument, so this will not compile.

  • Calls Ownable.owner() in code instead of owner():

    if (faucetClaimer == address(0) || faucetClaimer == address(this) || faucetClaimer == Ownable.owner())
    ...
    function getOwner() public view returns (address) {
        return Ownable.owner();
    }

This is not the correct way to call the inherited owner() function and will cause errors or unexpected behavior. Use owner() directly.

  • Impact: The contract will fail to compile with standard OpenZeppelin Ownable, which blocks deployment. If the code is changed only to make it compile, the misuse also risks incorrect owner checks.

Risk

Likelihood: HIGH (compilation fails)

Impact: HIGH (non-deployable as-is)

Proof of Concept

Attempting to compile with standard OpenZeppelin `Ownable` results in constructor signature mismatch / compilation errors.

Recommended Mitigation

  • Remove Ownable(msg.sender) from the constructor and call owner() directly. Example:

- constructor(...) ERC20(name_, symbol_) Ownable(msg.sender) {
+ constructor(...) ERC20(name_, symbol_) {
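
Review bot: the removal of Ownable(msg.sender) on the constructor line is only correct for OpenZeppelin releases whose Ownable constructor takes no argument; OpenZeppelin Contracts 5.x declares the Ownable constructor with an initial-owner address, and against that release this change would itself stop the contract from compiling. State the OpenZeppelin version the project pins next to this change so it is clear which constructor form applies.
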
  • Replace Ownable.owner() with owner():

- if (faucetClaimer == address(0) || faucetClaimer == address(this) || faucetClaimer == Ownable.owner()) {
+ if (faucetClaimer == address(0) || faucetClaimer == address(this) || faucetClaimer == owner()) {
- function getOwner() public view returns (address) {
- return Ownable.owner();
- }
+ function getOwner() public view returns (address) {
+ return owner();
+ }
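
Review bot: in the getOwner() lines only the return statement differs, yet the signature and closing brace are also shown as removed and re-added; reduce that part of the hunk to the single changed line so the actual change is visible. With the change applied, getOwner() does nothing except return owner(), so check whether the wrapper is needed at all or whether callers can use owner() directly.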
