Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
Submission Details
Impact: high
Likelihood: low

`RaiseBoxFaucet:constructor` function lacks proper parameter validation


Description

  • Under normal circumstances, the administrator would fill in the parameters correctly.

  • However, if zero-value parameters (faucetDrip, sepEthAmountToDrip, dailySepEthCap) are mistakenly entered, the core claiming functionality of the protocol will be completely disabled and irrecoverable.

  • Therefore, I consider it a low-severity vulnerability.

constructor(
    string memory name_,
    string memory symbol_,
    uint256 faucetDrip_,
    uint256 sepEthDrip_,
    uint256 dailySepEthCap_
) ERC20(name_, symbol_) Ownable(msg.sender) {
@>  faucetDrip = faucetDrip_;
@>  sepEthAmountToDrip = sepEthDrip_;
@>  dailySepEthCap = dailySepEthCap_;
    _mint(address(this), INITIAL_SUPPLY); // mint initial supply to contract on deployment
}

Risk

Likelihood:

  • The probability of incorrect parameter entry is relatively low.

Impact:

  • Directly renders the protocol non-functional.

Proof of Concept

None

Recommended Mitigation

constructor(
string memory name_,
string memory symbol_,
uint256 faucetDrip_,
uint256 sepEthDrip_,
uint256 dailySepEthCap_
) ERC20(name_, symbol_) Ownable(msg.sender) {
+ require(faucetDrip_ > 0, "faucetDrip_ cannot be zero");
+ require(sepEthDrip_ > 0, "sepEthDrip_ cannot be zero");
+ require(dailySepEthCap_ > 0, "dailySepEthCap_ cannot be zero");
faucetDrip = faucetDrip_;
sepEthAmountToDrip = sepEthDrip_;
dailySepEthCap = dailySepEthCap_;
_mint(address(this), INITIAL_SUPPLY); // mint initial supply to contract on deployment
}
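
Review bot: the three added require lines only reject zero, so a nonzero but mutually inconsistent set of values still deploys, because nothing relates dailySepEthCap_ to sepEthDrip_ or faucetDrip_ to INITIAL_SUPPLY. Going by the parameter names, a daily cap smaller than a single drip, or a token drip larger than the supply minted on the last line of the constructor, would plausibly leave claiming as unusable as the zero case this finding describes. Consider adding require(dailySepEthCap_ >= sepEthDrip_, ...) and require(faucetDrip_ <= INITIAL_SUPPLY, ...) after the zero checks. Since the finding calls the misconfiguration irrecoverable, it would also help to document next to these checks that the three values cannot be changed after deployment.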
