Raisebox Faucet

First Flight #50
Beginner Friendly
Solidity
100 EXP
Submission Details
Impact: low
Likelihood: high
Invalid

`RaiseBoxFaucet.sol::getFaucetTotalSupply` function returns contract balance instead of total minted tokens

Root + Impact

Description

  • Typically, total supply functions return the total number of tokens minted, regardless of which accounts hold them.

  • However, the getFaucetTotalSupply function returns the current contract balance instead of the total number of Faucet tokens minted.

function getFaucetTotalSupply() public view returns (uint256) {
@>  return balanceOf(address(this));
}

Risk

Likelihood:

  • The issue occurs each time the getFaucetTotalSupply function is called.

Impact:

  • This behavior can lead to user confusion and misinterpretation by external integrations, as the function name suggests it returns the total supply of Faucet tokens.

  • Since this function is expected to be used externally, returning the contract’s balance instead of the true total supply may result in inaccurate data being displayed or relied upon.

Proof of Concept

Add the following test to RaiseBoxFaucet.t.sol to reproduce the issue:

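function test_audit_getFaucetTotalSupplyFunctionReturnsContractBalance()
    public
{
    vm.prank(user1);
    raiseBoxFaucet.claimFaucetTokens();

    // After a claim, the ERC20 totalSupply() is expected to exceed the
    // faucet contract's own balance, which is what getFaucetTotalSupply() returns.
    assertGt(
        raiseBoxFaucet.totalSupply(),
        raiseBoxFaucet.getFaucetTotalSupply()
    );
}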

Recommended Mitigation

Modify the function to return the actual total supply - i.e., the total number of Faucet tokens minted - instead of the contract’s balance.

function getFaucetTotalSupply() public view returns (uint256) {
- return balanceOf(address(this));
+ return totalSupply();
}
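
Review bot: with `return totalSupply();` this getter becomes a plain alias of the `totalSupply()` function that the PoC test already calls directly on the contract, so it no longer gives integrators anything they cannot already read. Either drop `getFaucetTotalSupply` altogether, or, if callers actually need the amount still held by the faucet, keep `balanceOf(address(this))` under a name that says so and add a NatSpec comment stating which quantity is returned. Whichever way it goes, turn the PoC's `assertGt` into a regression test that pins the chosen behaviour after a claim.
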
Updates

Lead Judging Commences

inallhonesty Lead Judge 5 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
