Submission Details
Impact:
Likelihood:
Improper Use of Global Variable faucetClaimer in Claim Logic
Root + Impact
Description
-
The contract stores msg.sender in the global variable faucetClaimer every time a user calls claimFaucetTokens().
-
However, this variable is unnecessarily stored in contract storage, even though it is only used within the current function scope.
function claimFaucetTokens() external faucetActive nonReentrant {
faucetClaimer = msg.sender; // @> This line stores msg.sender globally
...
}
function getClaimer() public view returns (address) {
return faucetClaimer; // @> Leaks last claimer’s address publicly
}
Risk
Likelihood:
Privacy risk — last claimer address exposed.
Impact:
-
Slight gas inefficiency (unnecessary storage write).
-
Future logic vulnerability if another function depends on faucetClaimer.
Proof of Concept
function testFaucetClaimerLeak() public {
// Alice claims tokens
vm.prank(alice);
faucet.claimFaucetTokens();
// The contract now stores Alice’s address globally
address lastClaimer = faucet.getClaimer();
assertEq(lastClaimer, alice, "should store alice address");
// Bob claims tokens
vm.prank(bob);
faucet.claimFaucetTokens();
// Anyone can read the last claimer — data leak
address leakedClaimer = faucet.getClaimer();
emit log_address(leakedClaimer);
assertEq(leakedClaimer, bob, "leak of last claimer address");
}
Recommended Mitigation
function claimFaucetTokens() external faucetActive nonReentrant {
+ address claimer = msg.sender;
...
}
Rewards breakdown
nSLOC
157This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.