Raisebox Faucet
First Flight #50
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

claimFaucetTokens reverts when contract balance == faucetDrip

vk1033

claimFaucetTokens reverts when contract balance == faucetDrip

Description

  • Normal behavior: claimFaucetTokens should allow a user to successfully claim faucetDrip tokens when the contract holds exactly faucetDrip tokens (the last drip should be claimable).

  • Specific issue: the contract checks balanceOf(address(this)) <= faucetDrip and reverts when the balance is equal to faucetDrip. This prevents the final available drip from being claimed, causing an unnecessary denial-of-service on the last token unit.

@> if (balanceOf(address(this)) <= faucetDrip) {
revert RaiseBoxFaucet_InsufficientContractBalance();
}

Risk

Likelihood: Low

  • Occurs when the contract token balance exactly equals faucetDrip (edge-case). Any normal drain sequence that leaves exactly one drip will trigger this.

Impact: Medium

  • Users cannot claim the final drip, faucet availability is degraded (denial of the last available claim).

Proof of Concept

The PoC sets the contract token balance to exactly faucetDrip and demonstrates that claimFaucetTokens reverts.

function testClaimWhen1000TokensLeft() public {
// set contract token balance to 1000 tokens
address key = raiseBoxFaucetContractAddress;
uint256 mappingSlot = 0; // _balances is the first declared variable
bytes32 slot = keccak256(abi.encode(key, uint256(mappingSlot)));
vm.store(raiseBoxFaucetContractAddress, slot, bytes32(uint256(1000 ether)));
vm.prank(user1);
vm.expectRevert("RaiseBoxFaucet_InsufficientContractBalance()");
raiseBoxFaucet.claimFaucetTokens();
// Revert even when enough tokens are available for a drip
}

Recommended Mitigation

  • Change the conditional to use < so a contract with exactly faucetDrip may be claimed once.

function claimFaucetTokens() public {
// exisiting code
- if (balanceOf(address(this)) <= faucetDrip) {
+ if (balanceOf(address(this)) < faucetDrip) {
revert RaiseBoxFaucet_InsufficientContractBalance();
}
// exisiting code
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Off-by-one error in `claimFaucetTokens` prevents claiming when the balance is exactly equal to faucetDrip

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.