Summary

The design of the claim function allows third parties to submit claims for any user. Although tokens are transferred to the intended recipient, this behavior could lead to unexpected transaction activity and potential operational issues.

Vulnerability Details

• Location: claim function

• Issue: Accepting a user parameter lets anyone trigger a claim for any address if they supply a valid proof.

• Risk: This may be exploited to spam or front-run claims, increasing gas costs or causing confusion for token holders.

Impact

• Could lead to a degraded user experience due to unnecessary or repeated claim transactions.

• May result in increased network congestion or higher transaction fees for affected users.

Tools Used

• Code review

• Manual static analysis

Recommendations

• Evaluate whether claim submissions should be restricted to the token holder (using msg.sender) rather than allowing third-party initiation.

• If the open design is intentional, document the behavior clearly so that users and integrators are aware of the implications.

• Consider implementing notification mechanisms to alert users when a claim is executed on their behalf.