Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Mint Function Restricts Minting To The Contract Address, Limiting Flexibility and Scalability.

Root + Impact

Description

Normal Behavior

  • The mintFaucetTokens() function should mint faucet tokens using a more modular approach, allowing the owner to mint the faucet token as per the declared maxMinCap.

Issue

  • The mintFaucetTokens() function is restricted by a magic number, i.e. 1000 tokens, forcing the owner to call it frequently to refill the faucet.

function mintFaucetTokens(address to, uint256 amount) public onlyOwner {
    // Only the faucet contract itself may receive newly minted tokens.
    if (to != address(this)) {
        revert RaiseBoxFaucet_MiningToNonContractAddressFailed();
    }
    // Magic number: the mint reverts while the faucet holds more than 1000 * 10 ** 18 units.
@>  if (balanceOf(address(to)) > 1000 * 10 ** 18) {
        revert RaiseBoxFaucet_FaucetNotOutOfTokens();
    }
    _mint(to, amount);
    emit MintedNewFaucetTokens(to, amount);
}

Risk

Likelihood:

  • Scalability issues arise once dailyClaimLimit is greater than the magic number of 1000 tokens.

Impact:

  • The faucet can run out of tokens too frequently and get stuck once the balance logic misaligns with dailyClaimLimit, or once it exceeds the magic number, i.e. 1000 tokens, after a call to adjustDailyClaimLimit.
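
The refill window described above can be modelled in isolation. The contract below is an added example, not the RaiseBoxFaucet source or the submitter's code: it compares the hard-coded 1000-token guard with an assumed variant whose threshold is dailyClaimLimit * faucetDrip, for an owner who attempts one refill per day. The contract name, function names and all scenario values are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: stand-alone model of the refill guard, not the RaiseBoxFaucet source.
contract RefillGuardModel {
    // Hard-coded threshold from mintFaucetTokens(): 1000 tokens at 18 decimals.
    uint256 internal constant FIXED_THRESHOLD = 1000 * 10 ** 18;

    /// Guard as shown on the page: minting reverts while balance > 1000 tokens.
    function fixedGuardAllows(uint256 bal) public pure returns (bool) {
        return bal <= FIXED_THRESHOLD;
    }

    /// Assumed variant: the threshold is one full day of claims.
    function scaledGuardAllows(uint256 bal, uint256 dailyClaimLimit, uint256 faucetDrip)
        public pure returns (bool)
    {
        return bal <= dailyClaimLimit * faucetDrip;
    }

    /// Models one day in which the owner attempts a single refill before any claim.
    /// Returns how many of the day's claims the faucet can pay out.
    function claimsServed(
        uint256 bal,
        uint256 dailyClaimLimit,
        uint256 faucetDrip,
        uint256 refillAmount,
        bool useScaledGuard
    ) public pure returns (uint256 served) {
        bool allowed = useScaledGuard
            ? scaledGuardAllows(bal, dailyClaimLimit, faucetDrip)
            : fixedGuardAllows(bal);
        if (allowed) bal += refillAmount; // otherwise the mint would revert
        while (served < dailyClaimLimit && bal >= faucetDrip) {
            bal -= faucetDrip;
            served++;
        }
    }

    /// Constructed scenario: 50-token drip, 100 claims per day, 1200 tokens left.
    function demo() external pure returns (uint256 fixedServed, uint256 scaledServed) {
        uint256 drip = 50 * 10 ** 18;
        uint256 bal = 1200 * 10 ** 18;
        uint256 refill = 5000 * 10 ** 18;
        fixedServed = claimsServed(bal, 100, drip, refill, false);
        scaledServed = claimsServed(bal, 100, drip, refill, true);
    }
}
```

In the constructed scenario the fixed guard rejects the refill because the balance is still above 1000 tokens, so the faucet pays out only what the remaining balance covers, while the scaled guard admits the refill and the full day of claims is served.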

Recommended Mitigation

To mitigate the issue, use a modular approach for the condition in the minting logic.

function mintFaucetTokens(address to, uint256 amount) public onlyOwner {
if (to != address(this)) {
revert RaiseBoxFaucet_MiningToNonContractAddressFailed();
}
- if (balanceOf(address(to)) > 1000 * 10 ** 18) {
+ if (balanceOf(address(to)) > (dailyClaimCount * faucetDrip) {
// auditi - Low - Magic Numbers
revert RaiseBoxFaucet_FaucetNotOutOfTokens();
}
_mint(to, amount);
emit MintedNewFaucetTokens(to, amount);
}
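
Review bot: the added condition `if (balanceOf(address(to)) > (dailyClaimCount * faucetDrip) {` has unbalanced parentheses: the opening `if (` is never closed, so the replacement does not compile as written and needs a closing `)` before `{`. The Risk section argues in terms of dailyClaimLimit, while this line compares against dailyClaimCount; please confirm which variable is intended, since a threshold built from a running counter rather than the configured limit would move with the day's activity instead of with the limit set through adjustDailyClaimLimit. The `// auditi - Low - Magic Numbers` line is an audit annotation with a typo and should not be carried into the contract.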
Updates

Lead Judging Commences

inallhonesty Lead Judge 5 days ago
Submission Judgement Published
Validated
Assigned finding tags:

mintFaucetTokens is unusable due to logic/design mismatch with initial supply
