Snowman Merkle Airdrop

First Flight #42

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

DoS to a user trying to claim a Snowman

robercano

Root + Impact

Description

Users will approve a specific amount of Snow to the SnowmanAirdrop and also sign a message with their address and that same amount, in order to be able to claim the NFT
Because the current amount of Snow owned by the user is used in the verification, an attacker could forcefully send Snow to the receiver in a front-running attack, to prevent the receiver from claiming the NFT.

function getMessageHash(address receiver) public view returns (bytes32) {

...

// @audit HIGH An attacker could send 1 wei of Snow token to the receiver and invalidate the signature, causing the receiver to never be able to claim their Snowman

uint256 amount = i_snow.balanceOf(receiver);

return _hashTypedDataV4(

keccak256(abi.encode(MESSAGE_TYPEHASH, SnowmanClaim({receiver: receiver, amount: amount})))

);

Risk

Likelihood:

The attacker must purchase Snow and forcefully send it to the receiver in a front-running attack, so the likelihood is Medium

Impact:

The impact is High as it could lock out the receiver from claiming forever

Proof of Concept

The attack consists on Bob sending an extra Snow token to Alice before Satoshi claims the NFT on behalf of Alice. To showcase the risk, the extra Snow is earned for free by Bob.

function testDoSClaimSnowman() public {

assert(snow.balanceOf(alice) == 1);

// Get alice's digest while the amount is still 1

bytes32 alDigest = airdrop.getMessageHash(alice);

// alice signs a message

(uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest);

vm.startPrank(bob);

vm.warp(block.timestamp + 1 weeks);

snow.earnSnow();

assert(snow.balanceOf(bob) == 2);

snow.transfer(alice, 1);

// Alice claim test

assert(snow.balanceOf(alice) == 2);

vm.startPrank(alice);

snow.approve(address(airdrop), 1);

// satoshi calls claims on behalf of alice using her signed message

vm.startPrank(satoshi);

vm.expectRevert();

airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS);

}

Recommended Mitigation

Include the amount to be claimed in both getMessageHash and claimSnowman instead of reading it from the Snow contract. Showing only the new code in the section below

function claimSnowman(address receiver, uint256 amount, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

...

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert SA__InvalidProof();

}

// @audit LOW Seems like using the ERC20 permit here would allow for both the delegation of the claim and the transfer of the Snow tokens in one transaction

i_snow.safeTransferFrom(receiver, address(this), amount); // send

...

}

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Invalid merkle-proof as a result of snow balance change before claim action

Claims use snow balance of receiver to compute the merkle leaf, making proofs invalid if the user’s balance changes (e.g., via transfers). Attackers can manipulate balances or frontrun claims to match eligible amounts, disrupting the airdrop.

Rewards breakdown

nSLOC

215

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.