Beginner FriendlyDeFiFoundry
100 EXP
View results
Submission Details
Severity: high
Valid

Wrong merkle root in the deploy script

Summary

The Deploy::s_merkleRoot uses merkle root value a wrong merkle root value. The used value will not allow the users to get 25 USDC.

Vulnerability Details

On Line 9 of Deploy.s.sol there is bytes32 public s_merkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;. After careful inspection of the file makeMerkle.js (Line 7) which is used for the generation of this value it can be seen that this value corresponds to amount of 25 * 1e18 which is not 25 USDC. To be 25 USDC the value must be 25 * 1e8.

Impact

The users will not be able to get 25 USDC airdrop due to a wrong constant within a file which is out of the scope but its result is used in Deploy.s.sol.

Tools Used

Manual Review

Recommendations

Change the constant in makeMerkle.js on Line 7 to 1e6. Regenerate the merkle tree and set Deploy::s_merkleRoot to the correct value. In future, try to avoid direct copy/paste of specific values between the files.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

wrong-usdc-decimals-in-merkle

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.