Failure to Update state variable ClaimedToken Amounts
Vulnerability Detail
The claimTokens function in the VouchFaucet contract contains a vulnerability where the require statement check is not correct user can claim more than maxClaimable amount and the claimedTokens mapping is not updated after tokens are claimed. This allows users to repeatedly claim tokens up to the maximum claimable limit (maxClaimable) without any checks or balances to prevent multiple claims.
To mitigate this vulnerability, the claimedTokens mapping should be updated each time tokens are successfully claimed. This ensures that the total amount of tokens claimed by a user does not exceed the maximum claimable limit. The corrected function should look as follows:
aua_oo7
Medium
Failure to Update state variable
ClaimedToken
AmountsVulnerability Detail
The claimTokens function in the VouchFaucet contract contains a vulnerability where the require statement check is not correct user can claim more than maxClaimable amount and the claimedTokens mapping is not updated after tokens are claimed. This allows users to repeatedly claim tokens up to the maximum claimable limit (maxClaimable) without any checks or balances to prevent multiple claims.
Impact
https://github.com/sherlock-audit/2024-06-union-finance-update-2/blob/main/union-v2-contracts/contracts/peripheral/VouchFaucet.sol#L93C5-L97C6
Code Snippet
Tool used
Manual Review, VS code
Recommendation
To mitigate this vulnerability, the claimedTokens mapping should be updated each time tokens are successfully claimed. This ensures that the total amount of tokens claimed by a user does not exceed the maximum claimable limit. The corrected function should look as follows: