First Flight #14: AirDropper
First Flight #14
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

The owner's address of `MerkleAirdrop.sol` contract is `Deploy.s.sol`, so any Ether sent to it would cause the transfer to revert without the implementation of receive function.

vesper

Summary

The owner's address of MerkleAirdrop.sol contract is Deploy.s.sol any Ether sent to it would cause the transfer to revert without the implementation of receive function.

Vulnerability Details

The low-lvl call in MerkleAirdrop:claimFees will revert because the owner account isn't capable of receiving Ether. The owner's address of MerkleAirdrop.sol is a contract Deploy.s.sol and this contract doesn't implement a function for handling plain Ether transfers.

Impact

The owner won't be able to claim the FEES generated during the airdrop session.

Tools Used

Manual review

Recommendations

Add a receive function in Deploy.s.sol or transfer the ownership of MerkleAirdrop.sol to an EOA.

event Received(address caller, uint256 amount);
// This function is triggered when the contract receives Ether without data
receive() external payable {
emit Received(msg.sender, msg.value);
}
event OwnershipTransferred(address indexed oldOwner, address indexed newOwner);
// Function to transfer ownership to a new address
function transferOwnership(address newOwner) public onlyOwner {
require(newOwner != address(0), "New owner cannot be the zero address");
emit OwnershipTransferred(owner, newOwner);
owner = newOwner;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.