First Flight #14: AirDropper
First Flight #14
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

`Deploy.s.sol` is not approve as spender by the deployer, therefore no USDC won't be transferred to the `MerkleAirdrop.sol`.

vesper

Summary

Deploy.s.sol is not approve as spender by the deployer, therefore no USDC won't be transferred to the MerkleAirdrop.sol.

Vulnerability Details

In Deploy.s.sol:run after deploying the MerkleAirdrop.sol contract the owner want to transfer $100 USDC in order to aidrop the 4 winners, however at this step Deploy.s.sol contract can't transfer anything without the approval of deployer. Operation will fail and return false, contract doesn't have enough funds.

function run() public {
vm.startBroadcast();
MerkleAirdrop airdrop = deployMerkleDropper(s_merkleRoot, IERC20(s_zkSyncUSDC));
// Send USDC -> Merkle Air Dropper
IERC20(0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4).transfer(address(airdrop), s_amountToAirdrop);
vm.stopBroadcast();
}

Impact

Contract not deployed

Tools Used

Manual review

Recommendations

Approve the amount equivalent to s_amountToAirdrop on Deploy.s.sol, check the balance of Deploy.s.sol before to deploy MerkleAirdrop.sol contract.

function approveUSDCSpending(address spender, uint256 amount) public {
deployerKey = vm.envUint("PRIVATE_KEY");
vm.startBroadcast(deployerKey);
// USDC Contract Interface
IERC20 usdc = IERC20(s_zkSyncUSDC);
// Approving the spender to use the specified amount of USDC
require(usdc.approve(spender, amount), "Approval failed");
vm.stopBroadcast();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.