Submission Details
Severity: low
Invalid

`MerkleAirdrop::MerkleRootUpdated` event exists without a function to update `i_merkleRoot`

Description:
The MerkleAirdrop contract includes an event named MerkleRootUpdated which is intended to notify observers when the Merkle root is updated. However, there is no corresponding function in the contract that allows the Merkle root to be updated. Additionally, the i_merkleRoot variable is set to immutable, which means it can only be assigned once during the contract's construction and cannot be modified afterwards.

Impact:
The absence of an update function for the Merkle root means that the contract cannot be updated with a new Merkle root after its initial deployment. This could limit the contract's flexibility and utility, especially in scenarios where the whitelist needs to be updated or changed, essentially restricting it to one-time use only.

Recommended Mitigation:
To address this issue, a function should be implemented in the MerkleAirdrop contract that allows the contract owner to update the Merkle root. This function should include access control mechanisms to ensure that only the contract owner can update the Merkle root. Additionally, the MerkleRootUpdated event should be emitted within this function to notify observers of the update as shown below.

- bytes32 private immutable i_merkleRoot;
+ bytes32 private i_merkleRoot;
event MerkleRootUpdated(bytes32 newMerkleRoot);
+ function updateMerkleRoot(bytes32 newMerkleRoot) external onlyOwner {
+ i_merkleRoot = newMerkleRoot;
+ emit MerkleRootUpdated(newMerkleRoot);
+ }
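
Review bot: `updateMerkleRoot` relies on `onlyOwner`, but nothing in this diff adds an ownership base contract or a modifier definition, so the change is incomplete as shown; include the inheritance (and owner initialization in the constructor) in the same patch. Once `immutable` is dropped, the `i_` prefix on `i_merkleRoot` no longer matches the variable's nature, so rename it to reflect a storage variable. The function also accepts any `bytes32`, including zero and the current root; consider rejecting those so `MerkleRootUpdated` only fires on a real change. Finally, a mutable root lets the owner change the set of eligible claims after deployment, which is a different trust model from the original immutable design and should be documented next to the function.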

Tools Used: Manual review

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info
