Inefficient Use of Storage Variable for faucetClaimer
Root + Impact
The faucetClaimer address is unnecessarily stored as a state variable in contract storage, even though it’s only used temporarily inside the claimFaucetTokens() function.
Normally, transient data such as the caller’s address should be held in memory (stack) variables to save gas and avoid accidental persistence.
However, in this implementation, faucetClaimer appears to be declared as a state variable, which means each assignment incurs an expensive SSTORE operation on the blockchain. This wastes gas and could cause unintentional overwriting if reused elsewhere.// Root cause in the codebase with @> marks to highlight the relevant section
Risk
Likelihood:
Occurs on every faucet claim transaction.
Happens consistently whenever any user claims tokens.
Impact:
Unnecessary gas consumption due to persistent storage writes.
Possible confusion or unintended persistence if reused across functions.
Proof of Concept
Deploy the contract and observe the gas cost difference in two versions of the same function:
vs
The first will incur SSTORE costs (~20,000 gas), while the second is free beyond stack usage.
Recommended Mitigation
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
View preliminary resultsAppeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.