Severity: high
Valid

Inputs in `makeMerkle.js` are not correct

Summary

Description: `makeMerkle.js` is not in scope for the audit, but it is how we generate the `s_merkleRoot` in our `Deploy.s.sol`, and `Deploy.s.sol` is in scope. The inputs in `makeMerkle.js` are not correct because USDC has 6 decimals, not 18.

Vulnerability Details

Proof of Concept:

Because of the misconfiguration in `makeMerkle.js`, the `MerkleAirdrop:claim` function will revert: when building the leaf we provide an amount equal to `25 * 1e6`, but in `makeMerkle.js` it is `25 * 1e18`.
The `merkleProof` and `i_merkleRoot` were therefore generated to expect an amount of `25 * 1e18`.

Proof of Code:

Code for a bug in makeMerkle.js
```diff
/*//////////////////////////////////////////////////////////////
INPUTS
//////////////////////////////////////////////////////////////*/
- const amount = (25 * 1e18).toString()
const userToGetProofOf = "0x20F41376c713072937eb02Be70ee1eD0D639966C"
// (1)
const values = [
[userToGetProofOf, amount],
["0x277D26a45Add5775F21256159F089769892CEa5B", amount],
["0x0c8Ca207e27a1a8224D1b602bf856479b03319e7", amount],
["0xf6dBa02C01AF48Cf926579F77C9f874Ca640D91D", amount]
]
```
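
Review bot: the removed line `const amount = (25 * 1e18).toString()` has no `+` counterpart in this snippet, so the corrected value appears only in the Recommendations text; show the replacement here as well, `+ const amount = (25 * 1e6).toString()`. Because `amount` is shared by all four entries in `values`, a comment next to the constant naming the token and its decimals would make this kind of mismatch easier to catch in review.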

Impact

The user will not be able to claim their airdrop, and the deposited 100 USDC will be stuck in the contract forever.

Tools Used

Manual review.

Recommendations

I propose to refactor `const amount = (25 * 1e18).toString()` to `const amount = (25 * 1e6).toString()` in `makeMerkle.js`.
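
The mismatch described in the Proof of Concept, as an added example that is not part of the original submission or the project's code: a root built from `25 * 1e18` leaves rejects a claim whose leaf uses `25 * 1e6`, and accepts it once the tree is rebuilt with the 6-decimal amount. SHA-256 stands in for keccak256, and the leaf encoding, sorted-pair hashing and all helper names are assumptions made for illustration, so the hashes differ from on-chain values.

```javascript
// Added example, not the project's makeMerkle.js. SHA-256 stands in for keccak256
// and the leaf encoding is a simplified assumption; only the mismatch is the point.
const { createHash } = require("node:crypto");
const sha = (...bufs) => createHash("sha256").update(Buffer.concat(bufs)).digest();

// Leaf = H(20-byte address || amount as a 32-byte big-endian word).
function leafOf(account, amount) {
  const addr = Buffer.from(account.slice(2), "hex");
  const amt = Buffer.from(BigInt(amount).toString(16).padStart(64, "0"), "hex");
  return sha(addr, amt);
}

// Sorted-pair parent hash, so proofs need no left/right flags.
const parent = (a, b) => (Buffer.compare(a, b) <= 0 ? sha(a, b) : sha(b, a));

// Build every level of the tree (power-of-two leaf count assumed, as in the 4-entry list).
function buildLevels(leaves) {
  const levels = [leaves];
  while (levels.at(-1).length > 1) {
    const prev = levels.at(-1);
    levels.push(prev.filter((_, i) => i % 2 === 0).map((n, i) => parent(n, prev[2 * i + 1])));
  }
  return levels;
}

// The proof is the sibling node at each level below the root.
const proofFor = (levels, index) =>
  levels.slice(0, -1).map((level, depth) => level[(index >> depth) ^ 1]);
const verify = (root, proof, leaf) => proof.reduce(parent, leaf).equals(root);

// The four addresses from the values list in makeMerkle.js.
const ACCOUNTS = [
  "0x20F41376c713072937eb02Be70ee1eD0D639966C", "0x277D26a45Add5775F21256159F089769892CEa5B",
  "0x0c8Ca207e27a1a8224D1b602bf856479b03319e7", "0xf6dBa02C01AF48Cf926579F77C9f874Ca640D91D",
];

// Does a claim of claimAmount verify against a root generated with treeAmount?
function claimVerifies(treeAmount, claimAmount, index = 0) {
  const levels = buildLevels(ACCOUNTS.map((a) => leafOf(a, treeAmount)));
  return verify(levels.at(-1)[0], proofFor(levels, index), leafOf(ACCOUNTS[index], claimAmount));
}

const WRONG = (25n * 10n ** 18n).toString(); // amount currently used in makeMerkle.js
const USDC = (25n * 10n ** 6n).toString(); // 25 USDC at 6 decimals
console.log("root from 1e18 amounts, claim with 1e6:", claimVerifies(WRONG, USDC));
console.log("root from 1e6 amounts,  claim with 1e6:", claimVerifies(USDC, USDC));
```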

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

wrong-usdc-decimals-in-merkle
