Submission Details
Severity:
Wrong address is used for USDC token in deploy script which leads to airdrop contract being unusable.
Summary
MerkleAirdrop contract will be deployed with wrong address for USDC token on zkSync.
Vulnerability Details
Deploy script uses wrong address for USDC token on zkSync which leads to airdrop contract not functioning as intended. It will not be possible to claim any USDC.
contract Deploy is Script {
// @audit - wrong address used
@> address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;
bytes32 public s_merkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;
.
.
Impact
MerkleAirdrop contract will be unusable, users won't be able to claim any USDC.
Tools Used
Manual review
Recommendations
Use correct address for USDC token on zkSync in deploy script.
contract Deploy is Script {
- address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;
+ address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135ae902365d2e5E2a16538d4;
bytes32 public s_merkleRoot = 0xf69aaa25bd4dd10deb2ccd8235266f7cc815f6e9d539e9f4d47cae16e0c36a05;
.
.
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
usdc-wrong-address
Rewards breakdown
nSLOC
62This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.