Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
Submission Details
Severity: medium
Valid

Function burnFaucetTokens transfers incorrect amount of tokens

Description

The function RaiseBoxFaucet::burnFaucetTokens transfers the entire contract balance to the owner when it burns amountToBurn tokens. This is incorrect: it must transfer only amountToBurn tokens. If amountToBurn is less than the contract balance, the whole contract balance is still transferred to the owner and the contract's balance becomes 0.

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {
    require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");
    // transfer faucet balance to owner first before burning
    // ensures owner has a balance before _burn (owner only function) can be called successfully
    _transfer(address(this), msg.sender, balanceOf(address(this)));
    _burn(msg.sender, amountToBurn);
}

Risk

Likelihood: High

Every time the function burnFaucetTokens is called, the entire contract balance is transferred to the owner.

Impact: Medium

There is no loss of tokens; they are just transferred to the owner and can be transferred back again.
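
The balance effect described above, as an added example that is not part of the submission or of the RaiseBoxFaucet code: FaucetModel is a constructed minimal ledger standing in for the token, and the names FaucetModel, BurnRegression, burn and the patched flag are assumptions. check() requires that the reported transfer empties the faucet while the mitigated transfer leaves the balance minus amountToBurn.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed minimal ledger; stands in for the ERC20 base, not the real RaiseBoxFaucet.
contract FaucetModel {
    address public immutable owner;
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) {
        owner = msg.sender;
        balanceOf[address(this)] = supply; // faucet holds the whole supply
    }

    function _transfer(address from, address to, uint256 value) internal {
        balanceOf[from] -= value;
        balanceOf[to] += value;
    }

    function _burn(address from, uint256 value) internal {
        balanceOf[from] -= value;
    }

    // patched = false reproduces the reported transfer; true applies the mitigation.
    function burn(uint256 amountToBurn, bool patched) external {
        require(msg.sender == owner, "not owner");
        require(amountToBurn <= balanceOf[address(this)], "Faucet Token Balance: Insufficient");
        uint256 moved = patched ? amountToBurn : balanceOf[address(this)];
        _transfer(address(this), msg.sender, moved);
        _burn(msg.sender, amountToBurn);
    }
}

// Deploys the model (becoming its owner) and checks the faucet's balance after a burn.
contract BurnRegression {
    function faucetBalanceAfterBurn(bool patched) public returns (uint256) {
        FaucetModel f = new FaucetModel(1000); // constructed sample supply
        f.burn(100, patched);
        return f.balanceOf(address(f));
    }

    function check() external {
        // Reported behaviour: the faucet is emptied although only 100 tokens were burnt.
        require(faucetBalanceAfterBurn(false) == 0, "expected emptied faucet");
        // Mitigated behaviour: the faucet keeps its balance minus amountToBurn.
        require(faucetBalanceAfterBurn(true) == 900, "faucet must keep 900");
    }
}
```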

Recommended Mitigation

Transfer only the amount of tokens that is to be burnt:

function burnFaucetTokens(uint256 amountToBurn) public onlyOwner {
require(amountToBurn <= balanceOf(address(this)), "Faucet Token Balance: Insufficient");
// transfer faucet balance to owner first before burning
// ensures owner has a balance before _burn (owner only function) can be called successfully
- _transfer(address(this), msg.sender, balanceOf(address(this)));
+ _transfer(address(this), msg.sender, amountToBurn);
_burn(msg.sender, amountToBurn);
}
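
Review bot: the two comment lines kept above the changed `_transfer` call still say "transfer faucet balance to owner first", but with the `+` line only amountToBurn is moved, so the comment should be updated to match. The transfer to msg.sender followed by `_burn(msg.sender, amountToBurn)` is also a round trip whose only purpose, per that comment, is to give the owner a balance to burn. If `_burn` is the usual internal ERC20 helper that takes the account to burn from (an assumption, since the base contract is not shown here), `_burn(address(this), amountToBurn)` would burn directly from the faucet and make the transfer unnecessary.
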
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Unnecessary and convoluted logic in burnFaucetTokens
