Snowman Merkle Airdrop

First Flight #42
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Snowman.sol - mintSnowman() lacks caller checks

Root + Impact

Description

  • mintSnowman is called from SnowmanAirdrop.sol to mint a number of Snowman ERC721 tokens equal to the amount of Snow ERC20 the claiming address holds.

  • mintSnowman lacks a caller check ensuring that only SnowmanAirdrop.sol can call it. Any user can call it directly and mint as many Snowman ERC721 tokens as they like without owning any Snow and without passing the signature/Merkle requirement.

```solidity
// >>> EXTERNAL FUNCTIONS
function mintSnowman(address receiver, uint256 amount) external { // <<--- no caller check: anyone can mint
    for (uint256 i = 0; i < amount; i++) {
        _safeMint(receiver, s_TokenCounter);
        emit SnowmanMinted(receiver, s_TokenCounter);
        s_TokenCounter++;
    }
}
```

Risk

Likelihood:

  • High

Impact:

  • Could cause loss of funds if the NFT is used to claim Snow tokens.

Proof of Concept

```solidity
// Any address can mint 1024 Snowman NFTs to itself without holding Snow or presenting a valid proof
snowman.call(abi.encodeWithSignature('mintSnowman(address,uint256)', address(this), 1024));
```

Recommended Mitigation

Add a caller check to mintSnowman() and pass the SnowmanAirdrop contract address to the Snowman constructor, so that mintSnowman() can verify that msg.sender is the airdrop contract.
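As an added example (not the page's or the project's own code), here is the mitigation carried through: Snowman takes the airdrop address in its constructor and rejects every other caller of mintSnowman, followed by a Foundry test confirming that the proof-of-concept call above now reverts. SnowmanMinted, s_TokenCounter and the mint loop come from the page; the token name and symbol, the error and immutable names, and the test scaffolding are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Test} from "forge-std/Test.sol";

// Hardened sketch: only the airdrop address fixed at deployment may mint.
contract Snowman is ERC721 {
    error Snowman__NotAirdrop(address caller); // assumed error name
    event SnowmanMinted(address indexed receiver, uint256 indexed tokenId);

    address public immutable i_airdrop; // cannot be re-pointed after deployment
    uint256 private s_TokenCounter;

    constructor(address airdrop) ERC721("Snowman", "SNOWMAN") { // assumed name/symbol
        require(airdrop != address(0), "Snowman: zero airdrop address");
        i_airdrop = airdrop;
    }

    function mintSnowman(address receiver, uint256 amount) external {
        // The check the finding reports as missing: reject every caller but the airdrop.
        if (msg.sender != i_airdrop) revert Snowman__NotAirdrop(msg.sender);
        for (uint256 i = 0; i < amount; i++) {
            _safeMint(receiver, s_TokenCounter);
            emit SnowmanMinted(receiver, s_TokenCounter);
            s_TokenCounter++;
        }
    }
}

// Foundry regression test for the check (run with `forge test`).
contract SnowmanAccessTest is Test {
    Snowman internal snowman;
    address internal airdrop = makeAddr("airdrop"); // stands in for SnowmanAirdrop

    function setUp() public {
        snowman = new Snowman(airdrop);
    }

    function test_RevertWhen_CallerIsNotAirdrop() public {
        vm.expectRevert(abi.encodeWithSelector(Snowman.Snowman__NotAirdrop.selector, address(this)));
        snowman.mintSnowman(address(this), 1024); // the PoC call from the finding now reverts
    }

    function test_AirdropCanMint() public {
        vm.prank(airdrop);
        snowman.mintSnowman(address(0xBEEF), 2);
        assertEq(snowman.balanceOf(address(0xBEEF)), 2);
    }
}
```

If SnowmanAirdrop's constructor in turn needs the Snowman address, precompute Snowman's deployment address from the deployer nonce (forge-std's vm.computeCreateAddress) rather than adding an unrestricted setter, which would reopen the same hole.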

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Unrestricted NFT mint function

The mint function of the Snowman contract is unprotected. Hence, anyone can call it and mint NFTs without necessarily partaking in the airdrop.
