Submission Details
Severity: high
Valid

Wrong USDC token address in Deploy.s.sol

Summary

During deployment, the USDC token address is written in two places in the code instead of using a defined variable. These two addresses are different, which will cause the contract to malfunction.

Vulnerability Details

On line 8 of Deploy.s.sol, the variable s_zkSyncUSDC is defined as the address 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4, which is not a USDC address on the zkSync Era network. The airdrop contract will use this address for its transfers. On line 18, however, USDC tokens are transferred to the airdrop contract using the following statement:

IERC20(0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4).transfer(address(airdrop), s_amountToAirdrop);

The address used above is a valid USDC address on the zkSync Era network. There is therefore a mismatch between the token that the airdrop contract holds and the tokens it is trying to give to users.
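
The two literals above differ in a single hex digit, which is hard to spot by eye. The following added example (not part of the original submission or the audited project) scans Solidity source for 20-byte address literals and flags distinct ones that differ in only a few hex digits. The function names, the `max_diff` threshold and the three-line excerpt are assumptions constructed from the lines quoted in this report.

```python
import re
from itertools import combinations

# Exactly 40 hex digits after 0x: matches addresses, skips 32-byte values.
ADDR_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

def find_address_literals(source):
    """Map each case-normalized address literal to the lines it appears on."""
    found = {}
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in ADDR_RE.finditer(line):
            found.setdefault(match.group().lower(), []).append(lineno)
    return found

def hamming(a, b):
    """Number of positions at which two equal-length strings differ."""
    return sum(x != y for x, y in zip(a, b))

def near_duplicates(source, max_diff=4):
    """Return (addr_a, lines_a, addr_b, lines_b, diff) for every pair of
    distinct literals that differ in at most max_diff hex digits."""
    literals = find_address_literals(source)
    report = []
    for a, b in combinations(sorted(literals), 2):
        diff = hamming(a, b)
        if 0 < diff <= max_diff:
            report.append((a, literals[a], b, literals[b], diff))
    return report

# Constructed excerpt: the three relevant statements quoted in this report.
# Line numbers refer to this excerpt, not to the real Deploy.s.sol.
SAMPLE = """\
address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;
bytes32 public s_merkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;
IERC20(0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4).transfer(address(airdrop), s_amountToAirdrop);
"""

if __name__ == "__main__":
    for a, lines_a, b, lines_b, diff in near_duplicates(SAMPLE):
        print(f"{a} (lines {lines_a}) vs {b} (lines {lines_b}): "
              f"{diff} hex digit(s) differ")
```
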

Impact

Due to the token address mismatch described above, no airdrop will be delivered to users.

Tools Used

Reading the code :-)

Recommendations

Always use variables in your code and use a valid USDC address. The following changes will fix the bug.

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;
import { MerkleAirdrop, IERC20 } from "../src/MerkleAirdrop.sol";
import { Script } from "forge-std/Script.sol";
contract Deploy is Script {
- address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;
+ address public s_zkSyncUSDC = 0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4;
bytes32 public s_merkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;
// 4 users, 25 USDC each
uint256 public s_amountToAirdrop = 4 * (25 * 1e6);
// Deploy the airdropper
function run() public {
vm.startBroadcast();
MerkleAirdrop airdrop = deployMerkleDropper(s_merkleRoot, IERC20(s_zkSyncUSDC));
// Send USDC -> Merkle Air Dropper
- IERC20(0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4).transfer(address(airdrop), s_amountToAirdrop);
+ IERC20(s_zkSyncUSDC).transfer(address(airdrop), s_amountToAirdrop);
vm.stopBroadcast();
}
function deployMerkleDropper(bytes32 merkleRoot, IERC20 zkSyncUSDC) public returns (MerkleAirdrop) {
return (new MerkleAirdrop(merkleRoot, zkSyncUSDC));
}
}
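
Review bot: on the added `address public s_zkSyncUSDC = ...` line the token address is still a hand-typed literal in mutable public storage, and nothing in `run()` verifies it before funds move; the two literals in the original differ by a single hex digit (`be` vs `aE`), which is easy to miss in review. Consider declaring it `constant`, adding a comment that names where the address was taken from, and asserting before the transfer that the address has code when the script runs against the target network, for example `require(s_zkSyncUSDC.code.length > 0, "USDC not deployed");`. The `IERC20(s_zkSyncUSDC).transfer(...)` line also ignores the boolean return value; wrapping the call in `require(...)` or using a safe-transfer wrapper would make a failed funding step abort the deployment.
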
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

usdc-wrong-address
