Raisebox Faucet

First Flight #50

Beginner FriendlySolidity

100 EXP

View all submissions

Previous Next

Submission Details

Impact: high

Likelihood: low

Invalid

Centralization Risk

Author Revealed upon completion

Centralization Risk

Description

The contract should implement role-based access control and governance mechanisms to distribute critical functions and reduce single points of failure.

The owner has extensive control over critical contract functions including unlimited token minting (subject only to balance check), arbitrary daily limit adjustments, and complete ETH management without proper checks, balances, or governance mechanisms.

@> function mintFaucetTokens(address to, uint256 amount) public onlyOwner {

// Owner can mint unlimited tokens when balance is low

}

@> function adjustDailyClaimLimit(uint256 by, bool increaseClaimLimit) public onlyOwner {

// Owner can arbitrarily change daily limits without restrictions

}

@> function toggleEthDripPause(bool _paused) external onlyOwner {

// Owner can pause ETH drips indefinitely without oversight

}

Risk

Likelihood: High

Owner account gets compromised through private key theft, phishing, or social engineering attacks
Owner becomes malicious or acts against protocol and user interests
Single key holder creates operational risk and represents a single point of failure

Impact: Low

Complete control over faucet operations and token distribution mechanisms
Ability to effectively drain contract through unlimited minting combined with burn function bug
Loss of user trust due to centralized control structure and lack of transparency
Operational failure if owner key is lost, compromised, or holder becomes unavailable

Proof of Concept

// Demonstrate centralization attack vectors

contract CentralizationAttack {

RaiseBoxFaucet public faucet;

constructor(address _faucet) {

faucet = RaiseBoxFaucet(_faucet);

}

// Simulate malicious owner draining faucet

function simulateMaliciousOwner() external {

// Attack vector 1: Unlimited minting when balance is low

// Wait until faucet balance drops below 1000 tokens

uint256 currentBalance = faucet.getFaucetTotalSupply();

if (currentBalance <= 1000 * 10**18) {

// Mint maximum possible amount

uint256 maxMint = type(uint256).max;

try faucet.mintFaucetTokens(address(faucet), maxMint) {

// Minting succeeded

} catch {

// Even if it fails, owner can still mint large amounts

}

// Attack vector 2: Abuse burn function to accumulate tokens

if (faucet.getFaucetTotalSupply() > 0) {

// Burn minimal amount but transfer entire balance to owner

faucet.burnFaucetTokens(1); // Only burns 1 token, keeps rest

}

// Attack vector 3: Manipulate daily limits

faucet.adjustDailyClaimLimit(type(uint256).max, true); // Remove limits

// Attack vector 4: Pause ETH drips permanently

faucet.toggleEthDripPause(true); // Disable ETH for all users

// Attack vector 5: Drain any accumulated ETH

// Owner can call refillSepEth with 0 value to trigger selfdestruct-like behavior

// or use burn function profits to extract value

}

// Demonstrate how compromised key affects operations

function simulateKeyCompromise() external pure returns (string[] memory attackCapabilities) {

attackCapabilities = new string[](8);

attackCapabilities[0] = "Mint unlimited tokens when contract balance < 1000";

attackCapabilities[1] = "Transfer entire faucet balance to attacker via burn function";

attackCapabilities[2] = "Set daily claim limits to 0 (permanent DoS)";

attackCapabilities[3] = "Set daily claim limits to max uint256 (drain contract fast)";

attackCapabilities[4] = "Pause ETH drips permanently";

attackCapabilities[5] = "Unpause ETH drips to enable attacks";

attackCapabilities[6] = "Refill contract with malicious ETH tracking";

attackCapabilities[7] = "Complete control over all faucet economics";

return attackCapabilities;

}

// Show impact on legitimate users

function demonstrateUserImpact() external pure returns (

string memory scenario1,

string memory scenario2,

string memory scenario3

) {

scenario1 = "Malicious owner sets daily limit to 0 - all users permanently blocked";

scenario2 = "Compromised key drains all tokens - faucet becomes useless";

scenario3 = "Owner pauses ETH drips - new users get no gas for transactions";

return (scenario1, scenario2, scenario3);

}

Centralization risks:

Owner private key stored insecurely
Single person controls multi-million token faucet
No timelock on critical operations
No multi-signature requirements
No governance or community oversight
No emergency procedures if owner unavailable
Users must trust single entity completely

Recommended Mitigation

The mitigation implements role-based access control, daily limits on privileged operations, and governance mechanisms to distribute power and reduce single points of failure while maintaining operational efficiency.

+ import "@openzeppelin/contracts/access/AccessControl.sol";

+ import "@openzeppelin/contracts/security/Pausable.sol";

- contract RaiseBoxFaucet is ERC20, Ownable, ReentrancyGuard {

+ contract RaiseBoxFaucet is ERC20, AccessControl, ReentrancyGuard, Pausable {

+ // Define roles for distributed access control

+ bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");

+ bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

+ bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

+ bytes32 public constant LIMIT_ADJUSTER_ROLE = keccak256("LIMIT_ADJUSTER_ROLE");

+ // Add daily limits for privileged operations

+ uint256 public constant MAX_MINT_PER_DAY = 100000 * 10**18; // 100k tokens max daily

+ uint256 public constant MAX_LIMIT_CHANGE_PER_DAY = 50; // Max 50 limit changes per day

+ // Track daily usage of privileged functions

+ uint256 public lastMintDay;

+ uint256 public dailyMintAmount;

+ uint256 public lastLimitChangeDay;

+ uint256 public dailyLimitChanges;

+ // Timelock for critical operations (24 hour delay)

+ mapping(bytes32 => uint256) public timelockOperations;

+ uint256 public constant TIMELOCK_DELAY = 24 hours;

constructor(

string memory name_,

string memory symbol_,

uint256 faucetDrip_,

uint256 sepEthDrip_,

uint256 dailySepEthCap_

-) ERC20(name_, symbol_) Ownable(msg.sender) {

+) ERC20(name_, symbol_) {

faucetDrip = faucetDrip_;

sepEthAmountToDrip = sepEthDrip_;

dailySepEthCap = dailySepEthCap_;

+ // Set up initial roles - deployer gets admin role

+ _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);

+ _grantRole(ADMIN_ROLE, msg.sender);

+ // Additional roles can be granted to other addresses later

_mint(address(this), INITIAL_SUPPLY);

}

// Implement controlled minting with daily limits

- function mintFaucetTokens(address to, uint256 amount) public onlyOwner {

+ function mintFaucetTokens(address to, uint256 amount) public onlyRole(MINTER_ROLE) {

if (to != address(this)) {

revert RaiseBoxFaucet_MiningToNonContractAddressFailed();

}

if (balanceOf(address(to)) > 1000 * 10 ** 18) {

revert RaiseBoxFaucet_FaucetNotOutOfTokens();

}

+ // Implement daily minting limits

+ uint256 currentDay = block.timestamp / 1 days;

+ if (currentDay > lastMintDay) {

+ lastMintDay = currentDay;

+ dailyMintAmount = 0;

+ }

+ require(dailyMintAmount + amount <= MAX_MINT_PER_DAY, "Daily mint limit exceeded");

+ dailyMintAmount += amount;

_mint(to, amount);

emit MintedNewFaucetTokens(to, amount);

}

// Implement controlled limit adjustments with restrictions

- function adjustDailyClaimLimit(uint256 by, bool increaseClaimLimit) public onlyOwner {

+ function adjustDailyClaimLimit(uint256 by, bool increaseClaimLimit) public onlyRole(LIMIT_ADJUSTER_ROLE) {

+ // Implement daily change limits

+ uint256 currentDay = block.timestamp / 1 days;

+ if (currentDay > lastLimitChangeDay) {

+ lastLimitChangeDay = currentDay;

+ dailyLimitChanges = 0;

+ }

+ require(dailyLimitChanges < MAX_LIMIT_CHANGE_PER_DAY, "Daily limit change quota exceeded");

+ // Restrict the magnitude of changes

+ uint256 maxChange = dailyClaimLimit / 10; // Max 10% change per operation

+ require(by <= maxChange, "Change amount too large");

+ dailyLimitChanges++;

if (increaseClaimLimit) {

dailyClaimLimit += by;

} else {

if (by > dailyClaimLimit) {

revert RaiseBoxFaucet_CurrentClaimLimitIsLessThanBy();

}

dailyClaimLimit -= by;

}

+ emit DailyClaimLimitAdjusted(dailyClaimLimit, by, increaseClaimLimit, msg.sender);

}

// Implement emergency controls with proper access control

+ function emergencyPause() external onlyRole(PAUSER_ROLE) {

+ _pause();

+ emit EmergencyPaused(msg.sender, block.timestamp);

+ }

+ function emergencyUnpause() external onlyRole(ADMIN_ROLE) {

+ _unpause();

+ emit EmergencyUnpaused(msg.sender, block.timestamp);

+ }

// Implement timelock for critical operations

+ function proposeEthDripPause(bool _paused) external onlyRole(ADMIN_ROLE) {

+ bytes32 operationId = keccak256(abi.encode("PAUSE_ETH_DRIP", _paused));

+ timelockOperations[operationId] = block.timestamp + TIMELOCK_DELAY;

+ emit OperationProposed(operationId, "PAUSE_ETH_DRIP", block.timestamp + TIMELOCK_DELAY);

+ }

+ function executeEthDripPause(bool _paused) external onlyRole(ADMIN_ROLE) {

+ bytes32 operationId = keccak256(abi.encode("PAUSE_ETH_DRIP", _paused));

+ require(timelockOperations[operationId] != 0, "Operation not proposed");

+ require(block.timestamp >= timelockOperations[operationId], "Timelock not expired");

+ sepEthDripsPaused = _paused;

+ delete timelockOperations[operationId];

+ emit SepEthDripsPaused(_paused);

+ }

// Add multi-signature requirement for role management

+ function grantRoleWithConsensus(bytes32 role, address account) external {

+ require(hasRole(ADMIN_ROLE, msg.sender), "Not admin");

+ // Could implement multi-sig logic here or integrate with existing multi-sig

+ _grantRole(role, account);

+ }

// Add events for transparency

+ event EmergencyPaused(address indexed pauser, uint256 timestamp);

+ event EmergencyUnpaused(address indexed unpauser, uint256 timestamp);

+ event OperationProposed(bytes32 indexed operationId, string operation, uint256 executeTime);

+ event DailyClaimLimitAdjusted(uint256 newLimit, uint256 change, bool increased, address adjuster);

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

157

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

View preliminary results

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.