Submission Details
Severity: high
Valid

Address discrepancy leading to disruption in protocol functionality

Summary

The variable s_zkSyncUSDC in the Deploy.s.sol script holds the address of the USDC contract on the zkSync chain. However, one erroneous character in the hard-coded address makes it point to an incorrect address.

This error affects the functionality of the MerkleAirdrop contract: the airdrop intended for eligible users cannot be distributed when they call the claim function.

Vulnerability Details

In the Deploy.s.sol script, the variable s_zkSyncUSDC is assigned the value 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4, which is incorrect.

Code
address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;

The accurate address for the USDC contract can be verified from the zkSync Era Block Explorer, which is 0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4.
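A pre-deployment check for this class of mistake, added here as an example and not taken from the audited project: it scans Solidity source for address declarations and compares each literal, ignoring letter case, against a reviewed reference list. The EXPECTED table, the function names and the two sample strings are assumptions constructed from the declaration and the addresses quoted in this report.

```python
import re

# Reference addresses a reviewer has confirmed independently (assumed registry).
# The value below is the one this report gives as correct for zkSync Era USDC.
EXPECTED = {"s_zkSyncUSDC": "0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4"}

# Matches: address [visibility ...] <name> = 0x<40 hex digits>
ADDR_DECL = re.compile(
    r"\baddress\b[^=;]*?\b(\w+)\s*=\s*(0x[0-9a-fA-F]{40})\b")


def nibble_diff(a, b):
    """0-based hex-digit positions (after 0x) where two addresses differ.

    Letter case is ignored: it only carries the EIP-55 checksum, so two
    spellings of one address differ in case but never in value.
    """
    a, b = a[2:].lower(), b[2:].lower()
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def audit_source(source, expected=EXPECTED):
    """Return one finding per declared address that is unknown or wrong."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # ignore trailing line comments
        for name, literal in ADDR_DECL.findall(code):
            want = expected.get(name)
            if want is None:
                findings.append((lineno, name, "no reference address", []))
                continue
            diff = nibble_diff(literal, want)
            if diff:
                findings.append((lineno, name, "address mismatch", diff))
    return findings


# Constructed samples: the declaration quoted in the report and its fixed form.
BUGGY = ("address public s_zkSyncUSDC = "
         "0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;")
FIXED = ("address public s_zkSyncUSDC = "
         "0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4;")

if __name__ == "__main__":
    for lineno, name, why, diff in audit_source(BUGGY):
        print(f"line {lineno}: {name}: {why} at hex digits {diff}")
```

Run against the declaration from the report, the check reports a single differing hex digit; every other visible difference between the two literals is checksum casing.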

Impact

Calls made to the address stored in the variable s_zkSyncUSDC are likely to fail. Consequently, the safeTransfer function within the claim function of the MerkleAirdrop contract will be unsuccessful in transferring USDC tokens from the contract to the user's address.

Tools Used

Recommendations

Replace the value of s_zkSyncUSDC in the Deploy.s.sol script with the correct address 0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4.

Code
- address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;
+ address public s_zkSyncUSDC = 0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4;
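Review bot: the replacement literal on the + line is still a bare hex constant with nothing recording where it was confirmed or checking it before use. Between the - and + lines the only hex digit that changes is b to a (35be9 becomes 35aE9); every other difference is letter case, so the same slip would be just as hard to spot by eye next time. Add a comment beside s_zkSyncUSDC naming the source used to confirm the value (the zkSync Era Block Explorer, per the report) and have the deploy script or a test validate the address before it is passed on.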
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

usdc-wrong-address
