First Flight #14: AirDropper
First Flight #14
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

It Can Be Economically Impractical for the Contract Owner to Claim Airdrop Fees

vile

Summary

The low MerkleAirdrop::FEE (1 Gwei) makes it economically impractical (ETH-wise) for the owner to claim fees, even with the low gas cost of the zkSync chain. The fee should either be removed or increased to make it economically practical to claim by the owner.

Vulnerability Details

The low MerkleAirdrop::FEE (1 Gwei) makes it economically impractical (ETH-wise) for the owner to claim fees, even with the low gas cost of the zkSync chain.

The gas cost for the owner to call MerkleAirdrop::claimFees is 30,479 gas units. Using the average zkSync gas price of 0.02 Gwei, the effective total gas cost would be ~609 Gwei or 0.000000609 Ether. For it to be economically sensible to claim fees (using the current fee price of 1 Gwei), there would need to be greater than or equal to 609 successful airdrop claims to meet or exceed the gas cost. Compared to the current number of addresses that are a part of the merkle tree, there is a significant discrepancy.

POC

MerkleAirdropTest.t.sol

address owner = vm.addr(1);
...
// deploy contracts as an EOA instead of contract
function setUp() public {
vm.startPrank(owner);
token = new AirdropToken();
airdrop = new MerkleAirdrop(merkleRoot, token);
token.mint(owner, amountToSend);
token.transfer(address(airdrop), amountToSend);
vm.stopPrank();
}
...
function test_GasExeceedsFeeClaimAmount() public {
uint256 assumedZksyncGasPrice = 0.00000000002 ether; // 0.02 Gwei
uint256 airdropFee = airdrop.getFee();
vm.deal(collectorOne, airdropFee);
vm.startPrank(collectorOne);
airdrop.claim{ value: airdropFee }(collectorOne, amountToCollect, proof);
vm.stopPrank();
// assert the contract and owner have the proper balances
assertEq(address(airdrop).balance, airdropFee);
assertEq(owner.balance, 0);
vm.startPrank(owner);
uint256 gasBeforeClaim = gasleft();
airdrop.claimFees();
uint256 gasAfterClaim = gasleft();
vm.stopPrank();
// assert the contract has had its fees claimed by owner
assertEq(address(airdrop).balance, 0);
// assert that the amount of gas spent is greater than the fees obtained (in wei)
uint256 gasDelta = gasBeforeClaim - gasAfterClaim;
assertGt((gasDelta * assumedZksyncGasPrice), owner.balance);
}

Run Test

forge test --match-test test_GasExeceedsFeeClaimAmount --gas-report -vvvv

Example Output

Ran 1 test for test/MerkleAirdropTest.t.sol:MerkleAirdropTest
[PASS] test_GasExeceedsFeeClaimAmount() (gas: 129297)
Traces:
[129297] MerkleAirdropTest::test_GasExeceedsFeeClaimAmount()
│ ...
├─ [0] VM::assertGt(620640000000 [6.206e11], 1000000000 [1e9]) [staticcall]
│ └─ ← ()
└─ ← ()
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.38ms (690.20µs CPU time)
| src/MerkleAirdrop.sol:MerkleAirdrop contract | | | | | |
| -------------------------------------------- | --------------- | ----- | ------ | ----- | ------- |
| Deployment Cost | Deployment Size | | | | |
| 540806 | 2502 | | | | |
| Function Name | min | avg | median | max | # calls |
| claim | 59686 | 59686 | 59686 | 59686 | 1 |
| claimFees | 30479 | 30479 | 30479 | 30479 | 1 | <---
| getFee | 225 | 225 | 225 | 225 | 1 |
...
Ran 1 test suite in 5.26ms (2.38ms CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)

Impact

There exists an economic disinsentive for the owner to claim fees from the contract.

Tools Used

Manual Analysis, Foundry Tests & Gas Report

Recommendations

Either remove the need for a fee to be paid during a claim or increase the claim fee to make it economically practical.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Economically Impractical Fee

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.