Snowman Merkle Airdrop

First Flight #42
Beginner Friendly, Foundry, Solidity, NFT
100 EXP

Submission Details
Impact: medium
Likelihood: medium
Invalid

Inconsistent Fallback Behavior in buySnow() Payment Logic

Summary

buySnow() behaves ambiguously when an invalid ETH amount is sent: rather than rejecting the wrong ETH value, it falls back to collecting WETH, and that WETH transfer fails if the user has not granted an allowance.

Description

If the ETH amount sent does not match the expected price, the contract attempts to collect the price in WETH instead.
If the caller's WETH allowance is insufficient, the transaction reverts unexpectedly.
A user may believe the ETH they sent was sufficient, so the reason for the revert is unclear and causes UX confusion.

POC

function testFallbackWETHBuyPOC() public {
    uint256 amount = 1;
    uint256 wethNeeded = snow.s_buyFee() * amount;

    // Fund the buyer with exactly the WETH price and approve the contract
    deal(address(weth), victory, wethNeeded);
    vm.prank(victory);
    IERC20(weth).approve(address(snow), wethNeeded);

    uint256 balanceBefore = IERC20(weth).balanceOf(address(victory));

    // Send 0 ETH: the mismatch silently routes the purchase through WETH
    vm.prank(victory);
    snow.buySnow{value: 0}(amount);

    uint256 balanceAfter = IERC20(weth).balanceOf(address(victory));

    // WETH was pulled even though the caller never chose to pay in WETH
    assert(balanceBefore != balanceAfter);
}

Impact

Unexpected reverts.
UX confusion.
Inconsistent payment flow.

Severity

MEDIUM

Likelihood

MEDIUM

Recommendation

Fail early when the ETH amount is incorrect:
    require(msg.value == s_buyFee * amount, "Invalid ETH amount");
Or fully separate the ETH and WETH purchase flows.
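The following is an added illustration, not the Snowman contract's own code: a hypothetical minimal contract that reconstructs the fallback pattern described above beside the recommended split flows. Names such as SnowPaymentExample, buySnowAmbiguous, buySnowWithETH and buySnowWithWETH are assumptions; s_buyFee, buySnow's amount parameter and the WETH dependency come from the submission.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical reconstruction of the pattern this finding describes;
// the real Snowman contract is not reproduced here.
contract SnowPaymentExample {
    IERC20 public immutable i_weth;
    uint256 public s_buyFee;
    mapping(address => uint256) public balances;

    constructor(address weth, uint256 buyFee) {
        i_weth = IERC20(weth);
        s_buyFee = buyFee;
    }

    // Pattern under review: any msg.value other than the exact price
    // (including 0) silently falls back to pulling WETH from the caller.
    function buySnowAmbiguous(uint256 amount) external payable {
        uint256 cost = s_buyFee * amount;
        if (msg.value == cost) {
            // Paid in ETH.
        } else {
            // Reverts here if the caller never approved `cost` WETH,
            // even though they may think the ETH they sent was enough.
            require(i_weth.transferFrom(msg.sender, address(this), cost), "WETH transfer failed");
        }
        balances[msg.sender] += amount;
    }

    // Recommended shape: one entry point per payment asset, each failing
    // early on a wrong input so the revert reason is unambiguous.
    function buySnowWithETH(uint256 amount) external payable {
        require(msg.value == s_buyFee * amount, "Invalid ETH amount");
        balances[msg.sender] += amount;
    }

    function buySnowWithWETH(uint256 amount) external {
        uint256 cost = s_buyFee * amount;
        require(i_weth.transferFrom(msg.sender, address(this), cost), "WETH transfer failed");
        balances[msg.sender] += amount;
    }
}
```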

Updates

Lead Judging Commences

yeahchibyke Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

yeahchibyke Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
