Raisebox Faucet
First Flight #50
Beginner FriendlySolidity
100 EXP
View all submissions
Previous Next
Submission Details
Impact: medium
Likelihood: high

`mintFaucetTokens` is effectively unusable/unreachable given `INITIAL_SUPPLY` minted to contract

Author Revealed upon completion

mintFaucetTokens is effectively unusable/unreachable given INITIAL_SUPPLY minted to contract

Description

  • The constructor mints INITIAL_SUPPLY to address(this):

@> _mint(address(this), INITIAL_SUPPLY);

mintFaucetTokens only allows minting if the contract balance is <= 1000 * 10**18 (more precisely it reverts if balanceOf(address(to)) > 1000 * 10 ** 18). Given the initial mint to the contract (INITIAL_SUPPLY is much larger), mintFaucetTokens will immediately revert and be unusable unless the owner drains contract balance below the threshold. If the intended behavior was to top up when near empty, the logic is unclear or inverted.

Impact: Owner cannot top-up via mintFaucetTokens as expected because the initial mint makes balance > threshold, making the function unusable until tokens are drained to below threshold.

Risk

Likelihood: High (apparent design/logic mismatch)

Impact: Medium (owner cannot mint to refill in many expected scenarios)

Proof of Concept

Deploy contract; `balanceOf(address(this)) == INITIAL_SUPPLY` >> `> 1000 ...` so `mintFaucetTokens` will revert immediately.

Recommended Mitigation

Clarify intended policy: if purpose is to allow mint only when faucet below a threshold, check should be:

- if (balanceOf(address(to)) > 1000 * 10 ** 18) {
- revert RaiseBoxFaucet_FaucetNotOutOfTokens();
- }
+ // Allow minting only when faucet balance is below threshold (e.g., less than or equal)
+ if (balanceOf(address(to)) >= 1000 * 10 ** 18) {
+ revert RaiseBoxFaucet_FaucetNotOutOfTokens();
+ }

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.