Submission Details
Severity: high
Valid

Wrong decimals in `makeMerkle.js` produce a Merkle proof that claims more tokens than intended

Summary

In makeMerkle.js, the amount of tokens that can be claimed is set to 25 * 1e18 instead of 25 * 1e6, the correct value for USDC, which has 6 decimals. The script therefore generates a proof for a claim of 25_000_000_000_000 USDC, and the airdrop is unclaimable with the resulting Merkle root used in the deploy script.

Impact

The airdrop becomes unclaimable, and the funds remain stuck in the MerkleAirdrop contract.

Proof of Concept:

To demonstrate the issue, add the following code to the existing MerkleAirdropTest contract:

Proof of Code

```solidity
// Root and proof produced by makeMerkle.js with the wrong 25 * 1e18 amount
bytes32 public jsMerkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;
bytes32 jsProofOne = 0x4fd31fee0e75780cd67704fbc43caee70fddcaa43631e2e1bc9fb233fada2394;
bytes32 jsProofTwo = 0xc88d18957ad6849229355580c1bde5de3ae3b78024db2e6c2a9ad674f7b59f84;
// Proof pair generated by the script (must be the pair that belongs to jsMerkleRoot)
bytes32[] jsProof = [jsProofOne, jsProofTwo];
address collector = 0x20F41376c713072937eb02Be70ee1eD0D639966C;

function testWithMerkleProofGeneratedByJavascript() public {
    // Deploy against the script's root; token, amountToSend and amountToCollect
    // come from the existing MerkleAirdropTest setup
    airdrop = new MerkleAirdrop(jsMerkleRoot, token);
    token.mint(address(this), amountToSend);
    token.transfer(address(airdrop), amountToSend);

    uint256 fee = airdrop.getFee();
    vm.deal(collector, fee);
    uint256 startingBalance = token.balanceOf(collector);

    // Expected to fail: the proof was generated for a 25 * 1e18 leaf, while the
    // claim uses amountToCollect expressed in USDC's 6 decimals
    vm.startPrank(collector);
    airdrop.claim{ value: fee }(collector, amountToCollect, jsProof);
    vm.stopPrank();

    uint256 endingBalance = token.balanceOf(collector);
    assertEq(endingBalance - startingBalance, amountToCollect);
}
```

Tools Used

Foundry

Recommendations

In makeMerkle.js, correct the amount to 25 * 1e6:

```diff
- const amount = (25 * 1e18).toString();
+ const amount = (25 * 1e6).toString();
```

Then update s_merkleRoot in the Deploy contract to the root regenerated from the corrected amount:

```diff
- bytes32 public s_merkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;
+ bytes32 public s_merkleRoot = 0x3b2e22da63ae414086bec9c9da6b685f790c6fab200c7918f2879f08793d77bd;
```

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

wrong-usdc-decimals-in-merkle
