RaiseBoxFaucet:constructor Function Lacks Proper ETH Transfer

Description

• Under normal circumstances, after successful deployment, the faucet protocol should be able to fulfill its promised functions (e.g., distributing a certain amount of ETH to first-time users).

• However, in the current protocol, after deployment, there may be a gap where "ETH is not immediately transferred," which would prevent users participating at that time from receiving the ETH they are entitled to.

• I believe that "transferring ETH during deployment" is important for two main reasons:

• 
  

  1. Ensuring that early participating users can receive the ETH they deserve aligns with user expectations of the protocol.

• 
  

  1. Although, after a period of user participation, insufficient ETH distribution will inevitably occur and the protocol frontend will notify users of the specific reason, users typically consider it reasonable that "the administrator will replenish ETH later."

Risk

Likelihood:

• Inevitable after deployment

Impact:

• Early active users cannot receive the promised ETH.

• Creates a negative impact on future testing of the protocol.

Proof of Concept

• Add the following in RaiseBoxFaucet.t.sol:

Recommended Mitigation

• Directly add the payable modifier to the constructor and ensure the administrator honestly transfers ETH during deployment.

• Alternatively, in the deployment script, directly call refillSepEth to ensure the administrator honestly transfers ETH.