Beginner Friendly · DeFi · Foundry
100 EXP
Submission Details
Severity: high
Invalid

In the `Deploy.s.sol` contract, the receive function is not implemented, which means all the fees will be stuck in the contract

Summary

  • In the `Deploy.s.sol` contract, the receive function is not implemented, which means all the fees will be stuck in the contract and the owner will not be able to claim them. To resolve this issue we have to implement the receive function in the Deploy contract, and also implement a `claimFeesFromAirdrop` function that calls `claimFees` on the MerkleAirdrop contract.

Vulnerability Details

  • The `Deploy.s.sol` contract is not able to claim fees from the MerkleAirdrop contract, because the receive function is not implemented in the Deploy contract and there is also no function that calls `claimFees` on the MerkleAirdrop contract.

  • So all the fees will be stuck in the contract and the owner will not be able to claim them.

```solidity
contract Deploy is Script {
    address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;
    bytes32 public s_merkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;
    // 4 users, 25 USDC each
    uint256 public s_amountToAirdrop = 4 * (25 * 1e6);

    // Deploy the airdropper
    function run() public {
        vm.startBroadcast();
        MerkleAirdrop airdrop = deployMerkleDropper(s_merkleRoot, IERC20(s_zkSyncUSDC));
        // Send USDC -> Merkle Air Dropper
        // (note: this hard-coded literal is not the same address as s_zkSyncUSDC above)
        IERC20(0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4).transfer(address(airdrop), s_amountToAirdrop);
        vm.stopBroadcast();
    }

    function deployMerkleDropper(bytes32 merkleRoot, IERC20 zkSyncUSDC) public returns (MerkleAirdrop) {
        return (new MerkleAirdrop(merkleRoot, zkSyncUSDC));
    }
}
```

POC

  • These are the points which prove that the claimFees function will not work:

    • If the receive function is not added to the Deploy contract, then the claimFees function will not be able to transfer the fees to the owner (the Deploy contract).

    • So we have to implement the receive function and a proper function to call claimFees on the MerkleAirdrop contract.

    • Without a receive function in the Deploy contract, ETH cannot be sent to the Deploy contract from the MerkleAirdrop contract.

    • From the Deploy contract, we can then send the ETH to the owner of the Deploy contract.

Impact

  • The claimFees function will not work if the receive function is not added to the Deploy contract.

  • All the fees will be stuck in the contract.

  • The owner will not be able to claim the fees.

Tools Used

  • Manual Review

Recommendations

  • Put this in `Deploy.s.sol` to claim fees from the `MerkleAirdrop.sol` contract:

contract Deploy is Script {
+ error Deploy__NotOwner();
+ error Deploy__TransferFailed();
- address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;
+ address public s_zkSyncUSDC = 0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4;
bytes32 public s_merkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;
// 4 users, 25 USDC each
uint256 public s_amountToAirdrop = 4 * (25 * 1e6);
+ address public owner;
+ MerkleAirdrop airdrop;
+ modifier onlyOwner() {
+ if(owner != msg.sender){
+ revert Deploy__NotOwner();
+ }
+ _;
+ }
// Deploy the airdropper
function run() public {
vm.startBroadcast();
+ owner = msg.sender;
- MerkleAirdrop airdrop = deployMerkleDropper(s_merkleRoot, IERC20(s_zkSyncUSDC));
+ airdrop = deployMerkleDropper(s_merkleRoot, IERC20(s_zkSyncUSDC));
// Send USDC -> Merkle Air Dropper
IERC20(0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4).transfer(address(airdrop), s_amountToAirdrop);
vm.stopBroadcast();
}
function deployMerkleDropper(bytes32 merkleRoot, IERC20 zkSyncUSDC) public returns (MerkleAirdrop) {
return (new MerkleAirdrop(merkleRoot, zkSyncUSDC));
}
+ function claimFeesFromAirdrop() public onlyOwner {
+ airdrop.claimFees();
+ (bool succ,) = payable(owner).call{ value: address(this).balance }("");
+ if (!succ) {
+ revert Deploy__TransferFailed();
+ }
+ }
+ receive() external payable {}
}
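Review bot: The new `owner`/`airdrop` storage and `claimFeesFromAirdrop()` live in a Foundry `Script` contract, which only executes locally during `forge script` and is never deployed on-chain, so there is no deployed `Deploy` contract whose `claimFeesFromAirdrop()` could be called after the broadcast, and its `receive()` never receives anything. Inside `vm.startBroadcast()`, `new MerkleAirdrop(...)` is recorded as a transaction from the broadcasting account, so the airdrop's constructor sees that account, not the script, as `msg.sender`; if ownership is set from `msg.sender`, fees go to that account and `airdrop.claimFees()` called from the script would fail the owner check. Separately, the `-`/`+` pair on `s_zkSyncUSDC` changes `...135be902...` to `...135aE902...`, which is a different address rather than a checksum correction; if the intent is to align it with the literal used in the `transfer` call, state that explicitly as its own change.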
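A Foundry test, added here as an example and not part of the submission or the Airdropper code base, that separates the two cases the report conflates: who receives the fees when the creation transaction comes from an externally owned account (which is what `new MerkleAirdrop(...)` inside `vm.startBroadcast()` produces, since the broadcast sender is the constructor's `msg.sender`), versus when a contract without `receive()` is the owner. `FeeVault` is a constructed stand-in for the fee-forwarding part of `MerkleAirdrop` (assumption: `claimFees()` forwards the balance to the deployer with a low-level call and reverts if that fails); `DeployerNoReceive`, `DeployerWithReceive`, the `TransferFailed` error and the 1 ether fee balance are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Constructed stand-in for the fee-collecting part of MerkleAirdrop.
/// Assumption: claimFees() forwards the ETH balance to the deployer via call.
contract FeeVault {
    address public immutable owner;
    error NotOwner();
    error TransferFailed();

    constructor() { owner = msg.sender; }   // whoever sends the creation tx owns the fees

    receive() external payable {}           // stand-in for fees paid in on claim()

    function claimFees() external {
        if (msg.sender != owner) revert NotOwner();
        (bool ok,) = payable(owner).call{value: address(this).balance}("");
        if (!ok) revert TransferFailed();
    }
}

/// A deployer contract with NO receive(): the situation the report describes.
contract DeployerNoReceive {
    FeeVault public vault;
    function deploy() external { vault = new FeeVault(); }
    function claim() external { vault.claimFees(); }
}

/// The same deployer with a receive() and the forwarding the report recommends.
contract DeployerWithReceive {
    FeeVault public vault;
    address public immutable beneficiary;
    constructor(address b) { beneficiary = b; }
    function deploy() external { vault = new FeeVault(); }
    function claim() external {
        vault.claimFees();
        (bool ok,) = payable(beneficiary).call{value: address(this).balance}("");
        require(ok, "forward failed");
    }
    receive() external payable {}
}

contract FeeOwnerTest is Test {
    uint256 constant FEES = 1 ether;   // constructed fee balance

    // Case the actual Deploy.s.sol produces: the creation tx is sent by an account,
    // so that account is the owner and receives the fees directly.
    function test_eoaOwnerReceivesFees() public {
        address eoa = makeAddr("deployer");
        vm.prank(eoa);
        FeeVault vault = new FeeVault();
        assertEq(vault.owner(), eoa);
        vm.deal(address(vault), FEES);
        vm.prank(eoa);
        vault.claimFees();
        assertEq(eoa.balance, FEES);
    }

    // Case the report assumes: a contract without receive() owns the vault,
    // so the low-level call fails and claimFees() reverts.
    function test_contractOwnerWithoutReceiveIsStuck() public {
        DeployerNoReceive d = new DeployerNoReceive();
        d.deploy();
        assertEq(d.vault().owner(), address(d));
        vm.deal(address(d.vault()), FEES);
        vm.expectRevert(FeeVault.TransferFailed.selector);
        d.claim();
    }

    // With receive() present, the fees pass through the deployer to its beneficiary.
    function test_contractOwnerWithReceiveForwards() public {
        address b = makeAddr("beneficiary");
        DeployerWithReceive d = new DeployerWithReceive(b);
        d.deploy();
        vm.deal(address(d.vault()), FEES);
        d.claim();
        assertEq(b.balance, FEES);
    }
}
```

Run with `forge test --match-contract FeeOwnerTest`. The second test reproduces the stuck-fee scenario the report describes, but only when a contract without `receive()` is the owner; the first shows that when the creation transaction comes from the broadcast account, as in the script above, nothing is stuck.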
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
