Root + Impact

Description

• The claimFaucetTokens() function assigns msg.sender to a persistent state variable faucetClaimer at the start of every call.

• Normally, msg.sender is used as a local variable within the function since its value changes per transaction and does not need to persist in storage.

• Storing msg.sender in contract storage leads to unnecessary gas consumption (an SSTORE operation) and introduces a minor logical risk if future code relies on this global variable outside of its intended context.

Risk

Likelihood:

• The issue occurs every time claimFaucetTokens() is called, since the function always writes to storage.

• Any future extension that references faucetClaimer outside of this function could incorrectly use an outdated value.

Impact:

• Each call performs a redundant SSTORE (≈20,000 gas if storage is updated from zero, or 5,000 gas if overwriting nonzero data), increasing user gas costs per claim.

• Future contract updates that depend on faucetClaimer risk referencing a stale or incorrect address, causing functional confusion or incorrect event attribution.

Proof of Concept

Explanation:
Every call to claimFaucetTokens() writes msg.sender to contract storage. Since this value is not reused anywhere else, it introduces an unnecessary gas overhead and modifies global state on each claim execution.

Recommended Mitigation

This change converts the variable into a local variable, preserving the same functionality while eliminating redundant storage operations and lowering gas costs.