Raisebox Faucet

First Flight #50

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Faucet Token Claim Blocked When Contract Balance Equals FaucetDrip

0xnigthswatch

Root + Impact

Description

The contract currently prevents a user from claiming faucet tokens if the contract balance is less than or equal to the per-claim amount (faucetDrip):

if (balanceOf(address(this)) <= faucetDrip) {

@> revert RaiseBoxFaucet_InsufficientContractBalance();

}

This logic blocks claims even when there are enough tokens in the contract to fulfill exactly one claim.
Intended behavior: users should be able to claim tokens as long as the contract has at least faucetDrip tokens, without unnecessarily blocking claims.

Risk

Likelihood:

Triggered whenever the contract balance is equal to the per-claim faucet token amount.

Impact:

Users are prevented from claiming available tokens, potentially leaving small balances stranded in the contract.

Reduces usability and can frustrate users expecting to receive any available tokens.

Proof of Concept

In the following POC, the faucet total supply of tokens will be set through burn and mint fucntion to exactly faucetDrip, then a user will claim it but the claim will revert although there is enough tokens to fulfill this claim.

function test_claimFaucetTokens_blocked_when_contract_has_exactly_faucetDrip()

public

{

// drain all fauct tokens by calling burnFaucetTokens()

vm.prank(owner);

raiseBoxFaucet.burnFaucetTokens(

raiseBoxFaucet.balanceOf(address(raiseBoxFaucet))

);

// assert the faucet has no more tokens

assertEq(raiseBoxFaucet.balanceOf(address(raiseBoxFaucet)), 0);

// now mint to the faucet exactly faucetDrip

vm.prank(owner);

raiseBoxFaucet.mintFaucetTokens(

address(raiseBoxFaucet),

raiseBoxFaucet.faucetDrip()

);

assertEq(

raiseBoxFaucet.balanceOf(address(raiseBoxFaucet)),

raiseBoxFaucet.faucetDrip()

);

// if any user attempt to claim the faucetDrip, it will revert also the faucetDrip amount is present

vm.expectRevert();

vm.prank(user1);

raiseBoxFaucet.claimFaucetTokens();

}

Recommended Mitigation

In this fix, the fucntion will revert only if the contract has less than faucetDrip otherwise the fucntion will go through.

- if (balanceOf(address(this)) <= faucetDrip) {

+ if (balanceOf(address(this)) < faucetDrip) {}

revert RaiseBoxFaucet_InsufficientContractBalance();

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Off-by-one error in `claimFaucetTokens` prevents claiming when the balance is exactly equal to faucetDrip

Rewards breakdown

nSLOC

157

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.