Snowman Merkle Airdrop

First Flight #42
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: medium
Likelihood: high
Invalid

Missing Claimed Status Check

Root + Impact

Users can claim the airdrop repeatedly, draining the NFT supply.

Description

  • Normal Behavior: each eligible user should be able to claim the airdrop only once

  • Issue: the contract sets the claimed flag after processing a claim but never checks it before processing

// SnowmanAirdrop.sol
function claimSnowman(...) external {
@>// Missing: require(!s_hasClaimedSnowman[receiver])
...
s_hasClaimedSnowman[receiver] = true;
}

Risk

Likelihood:

  • Exploitable immediately after first successful claim

  • Requires no special privileges

Impact:

  • Infinite NFT claims per user

  • Exhaustion of NFT supply

  • Theft of unclaimed allocations

Proof of Concept

// Demonstrates the duplicate-claim issue in a Foundry test.
// Assumes setUp() deployed `airdrop` and `snowman` and prepared the
// fixture `user` with a valid Merkle `proof` and signature `(v, r, s)`.
function testDuplicateClaim() public {
    // First claim succeeds
    airdrop.claimSnowman(user, proof, v, r, s);
    uint256 firstBalance = snowman.balanceOf(user);
    // Second call with identical parameters is not rejected
    airdrop.claimSnowman(user, proof, v, r, s);
    // User receives the NFTs twice
    assertEq(snowman.balanceOf(user), 2 * firstBalance);
}

Explanation: Because the claimed flag is never checked before processing, the same user can call claimSnowman again with identical parameters and be paid out a second time.

Recommended Mitigation

function claimSnowman(...) external {
+ require(!s_hasClaimedSnowman[receiver], "Already claimed");
...
}

Explanation: Checking the flag before any processing rejects a second claim from the same receiver.
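The check-before-process pattern in a minimal Merkle airdrop, as an added example that is not the contest's SnowmanAirdrop.sol or a fixed version of it. The contract, interface, error and variable names (ExampleAirdrop, INftMinter, EA__AlreadyClaimed, s_hasClaimed) are hypothetical, and the OpenZeppelin MerkleProof library is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the Snowman Merkle Airdrop code. All names below are
// hypothetical; only the OpenZeppelin MerkleProof import is a real library.
import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";

interface INftMinter {
    function mint(address to, uint256 amount) external;
}

contract ExampleAirdrop {
    error EA__AlreadyClaimed(address receiver);
    error EA__InvalidProof();

    bytes32 public immutable i_merkleRoot;
    INftMinter public immutable i_minter;

    // One flag per receiver; read before processing, written before minting.
    mapping(address => bool) private s_hasClaimed;

    event Claimed(address indexed receiver, uint256 amount);

    constructor(bytes32 merkleRoot, INftMinter minter) {
        i_merkleRoot = merkleRoot;
        i_minter = minter;
    }

    function claim(address receiver, uint256 amount, bytes32[] calldata proof) external {
        // Check: reject a repeat claim before any state change or external call.
        if (s_hasClaimed[receiver]) revert EA__AlreadyClaimed(receiver);

        // Leaf is double-hashed (OpenZeppelin convention) so a leaf can never
        // be confused with an internal node of the tree.
        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));
        if (!MerkleProof.verify(proof, i_merkleRoot, leaf)) revert EA__InvalidProof();

        // Effect: mark as claimed *before* the external mint, so a reentrant
        // call from an ERC721 receive hook lands on the check above and reverts.
        s_hasClaimed[receiver] = true;
        emit Claimed(receiver, amount);

        // Interaction last.
        i_minter.mint(receiver, amount);
    }

    function hasClaimed(address receiver) external view returns (bool) {
        return s_hasClaimed[receiver];
    }
}
```

The ordering matters as much as the check itself: a flag that is read before processing but written only after the mint still leaves a window for a reentrant second claim from the token's receive hook, so the flag is set before the external call.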

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
