One of the addresses in the Merkle Tree is a contract, specifically a GnosisSafeProxy contract, which uses a delegatecall to forward calls to a singleton (master copy). This has the following implications:
State Manipulation: The behavior of the proxy will depend entirely on the state and logic of the master copy it points to. If the master copy is updated or points to a malicious contract, the behavior of the proxy in your airdrop process could lead to security vulnerabilities.
Transaction Calls: The proxy can be used to interact with your contract in a high-level manner, possibly invoking other contracts or performing actions beyond simple token transfers. This includes invoking contracts that change state, manipulate token balances, or interact with other contracts in a harmful way.
Delegate Call Risks: The use of delegatecall within the proxy can lead to serious vulnerabilities, especially if the contract to which it delegates is not secure. This could potentially lead to the execution of unintended logic that can manipulate the proxy's state.
This specific case highlights that a malicious contract, or a proxy contract whose logic can change, if selected as a winner, can interact with the airdrop contract in unexpected ways and introduces a potential risk of draining it or taking control of it.
Manual review
When selecting winners, be sure to select only EOAs. If contract addresses are mandatory, use at least a reentrancy guard in MerkleAirdrop:claim and ensure that the selected contracts are properly configured and not susceptible to attacks that could impact the broader system. Ask for a review before selecting them.
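As an added illustration of the recommended mitigation (not the audited project's code), the sketch below shows a claim function guarded with OpenZeppelin's ReentrancyGuard and ordered checks-effects-interactions, so a contract recipient such as a GnosisSafeProxy cannot re-enter before its claim is recorded. The contract name, storage layout, leaf encoding and the hasCode screening helper are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Illustrative airdrop sketch (assumed layout, not the audited contract).
contract MerkleAirdrop is ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    bytes32 public immutable merkleRoot;
    mapping(address => bool) public claimed;

    error AlreadyClaimed(address account);
    error InvalidProof();

    constructor(IERC20 _token, bytes32 _merkleRoot) {
        token = _token;
        merkleRoot = _merkleRoot;
    }

    // Hardened claim: nonReentrant plus checks-effects-interactions.
    // Even if the recipient is a proxy whose singleton runs arbitrary logic
    // on token receipt, `claimed` is already set and the guard is held.
    function claim(address account, uint256 amount, bytes32[] calldata proof)
        external
        nonReentrant
    {
        if (claimed[account]) revert AlreadyClaimed(account);
        // Double-hashed leaf as recommended by OpenZeppelin's MerkleProof docs.
        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
        if (!MerkleProof.verify(proof, merkleRoot, leaf)) revert InvalidProof();

        claimed[account] = true;             // effect first
        token.safeTransfer(account, amount); // interaction last
    }

    // Screening aid for the winner-selection review: flags addresses that
    // already hold code. A zero-length result is NOT proof of an EOA (a
    // contract mid-constructor or a not-yet-deployed CREATE2 address also
    // returns 0), so it supplements, not replaces, the manual review.
    function hasCode(address account) external view returns (bool) {
        return account.code.length != 0;
    }
}
```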