Snowman Merkle Airdrop

First Flight #42

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

## SnowmanAirdrop.sol ## [ Manipulate the Amount ]

hawks

Root + Impact

Description

The claimSnowman function currently uses:

@> uint256 amount = i_snow.balanceOf(receiver);

This means the amount of tokens the user is claiming is dynamically calculated based on the current balance of the i_snow token at the time of calling the claimSnowman function.

The problem is that this relies on the live balance, not on a snapshot taken at the time the Merkle tree was generated.

Risk

Likelihood: High

After the snapshot users may receive more tokens.

When they call claimSnowman, the function uses their current balance, which includes tokens received after the snapshot, allowing them to claim more NFTs than they were originally entitled to.

Impact:

Claim more NFTs

Proof of Concept

Exploit Example:

Let's say the Merkle tree was created with the assumption that user A has 100 Snow tokens.

After the Merkle tree is created, A receives 50 more tokens from a friend or staking rewards, so their balance is now 150 Snow tokens.

Since the claimSnowman function is using the live balance (i_snow.balanceOf(receiver)), A can now mint 150 Snowman NFTs, even though they were only entitled to 100.

This is not what was intended, because the amount should be based on their balance at the snapshot time when the Merkle tree was generated, not their current live balance.

Recommended Mitigation

Add uint256 amount in the function as a parameter, this way we make sure that the amount being claimed is fixed and verified by the Merkle proof.

This ensure that the amount can't be manipulated by manipulating their currrent token balance.

- uint256 amount = i_snow.balanceOf(receiver);

+ uint256 amount

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

215

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.