Submission Details
Impact:
Likelihood:
Improper Use of Global Variable faucetClaimer in Claim Logic
Author Revealed upon completion
Root + Impact
Description
-
The contract stores msg.sender in the global variable faucetClaimer every time a user calls claimFaucetTokens().
-
However, this variable is unnecessarily stored in contract storage, even though it is only used within the current function scope.
function claimFaucetTokens() external faucetActive nonReentrant {
faucetClaimer = msg.sender; // @> This line stores msg.sender globally
...
}
function getClaimer() public view returns (address) {
return faucetClaimer; // @> Leaks last claimer’s address publicly
}
Risk
Likelihood:
Privacy risk — last claimer address exposed.
Impact:
-
Slight gas inefficiency (unnecessary storage write).
-
Future logic vulnerability if another function depends on faucetClaimer.
Proof of Concept
function testFaucetClaimerLeak() public {
// Alice claims tokens
vm.prank(alice);
faucet.claimFaucetTokens();
// The contract now stores Alice’s address globally
address lastClaimer = faucet.getClaimer();
assertEq(lastClaimer, alice, "should store alice address");
// Bob claims tokens
vm.prank(bob);
faucet.claimFaucetTokens();
// Anyone can read the last claimer — data leak
address leakedClaimer = faucet.getClaimer();
emit log_address(leakedClaimer);
assertEq(leakedClaimer, bob, "leak of last claimer address");
}
Recommended Mitigation
function claimFaucetTokens() external faucetActive nonReentrant {
+ address claimer = msg.sender;
...
}
Rewards breakdown
nSLOC
157This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
View preliminary resultsAppeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.