Raisebox Faucet
First Flight #50
Beginner FriendlySolidity
100 EXP
View all submissions
Previous Next
Submission Details
Severity: high
Valid

dailyDrips Resets Incorrectly, Allowing dailySepEthCap to be Bypassed

Author Revealed upon completion

Root + Impact

Description

  • The dailyDrips variable, which tracks the amount of Sepolia ETH dispensed, is incorrectly reset to zero for any user who has already claimed ETH before. The check if (!hasClaimedEth[faucetClaimer] && !sepEthDripsPaused) is where the daily drip logic is contained. If a user has already claimed (hasClaimedEth is true), the else block is executed, which sets dailyDrips = 0;. This allows a malicious user to reset the daily counter by calling claimFaucetTokens with a second account, effectively resetting the daily cap for everyone else.

// Root cause in the codebase with @> marks to highlight the relevant section

Risk

Likelihood:

  • This occurs whenever a user who has already claimed ETH makes a subsequent (reverting) claim attempt.

  • A malicious actor uses a second account to reset the counter after the dailySepEthCap has been reached.

Impact:

  • The dailySepEthCap can be repeatedly bypassed, allowing the faucet's entire Sepolia ETH balance to be drained in a single day, against the contract's rules.

  • This depletes a limited resource (Sepolia ETH) that is essential for new users to interact with the protocol.

Proof of Concept

if (!hasClaimedEth[faucetClaimer] && !sepEthDripsPaused) {
// ... logic to drip ETH and increment dailyDrips
} else {
dailyDrips = 0; // This should not be here
}

Recommended Mitigation

- } else {
- dailyDrips = 0;
- }
+ add this code
Updates

Lead Judging Commences

inallhonesty Lead Judge 1 day ago
Submission Judgement Published
Validated
Assigned finding tags:

dailyDrips Reset Bug

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.