Snowman Merkle Airdrop

​

​

​

* Normally, minting functions should limit the number of iterations or allow controlled batching to avoid exceeding block gas limits.

​

* The current implementation of `mintSnowman` performs a **loop based on an arbitrary `amount`** without any upper bound or batching logic. This creates a **Denial of Service (DoS) risk** if a large `amount` is passed, as the transaction may exceed the block gas limit and always revert.

​

function mintSnowman(address receiver, uint256 amount) external {

@> _safeMint(receiver, s_TokenCounter);

}

​

​

**Likelihood**:

​

* This occurs when a large `amount` is passed to `mintSnowman`.

​

**Impact**:

​

* Makes it impossible to mint NFTs in one transaction when `amount` is too large.

​

* Could halt onboarding or claiming process if not handled properly.

​

The following solidity example simulates a Denial Of Service which exceeds block gas limit and hence the transaction reverts

// Simulate a large mint causing out-of-gas

snowman.mintSnowman(attacker, 1_000_000); // Likely to exceed block gas limit and revert

​

​

Add a **reasonable upper limit** on the `amount` or enforce a **batching strategy**.

​

function mintSnowman(address receiver, uint256 amount) external {

+ if (amount > 10) {

+ revert("Too many NFTs in one mint");

+ }

​

}

​

This protects against denial-of-service due to gas exhaustion while still enabling bulk minting in controlled sizes.

​