Snowman Merkle Airdrop
First Flight #42
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: medium
Invalid

L-1 Unrestricted Zero-Amount Purchases Waste Gas and Emit Invalid Events

qasimlab118

Root + Impact

Unrestricted Zero-Amount Purchases Waste Gas and Emit Invalid Events

Description

The Snow.sol::buySnowfunction allows users to pass amount = 0, which causes the function to:

  • Accept the transaction

  • Mint zero tokens

  • Update s_earnTimer

  • Emit a SnowBought event

Since no real action occurs (no mint, no fee, no transfer), this results in meaningless computation and gas usage, and can spam event logs and pollute analytics systems.

Risk

Likelihood:

  • Anyone can call this function with amount = 0, either accidentally or maliciously.

Impact:

  • Wastes gas

Proof of Concept

// User calls with zero amount
buySnow(0);
// Results:
- _mint(msg.sender, 0); // No tokens minted
- s_earnTimer = block.timestamp; // Still updated
- Event SnowBought emitted with amount = 0

Recommended Mitigation

Add a validation check at the beginning of the buySnow function:

This prevents unintended or abusive use of the function and ensures that only meaningful transactions are processed.

+ require(amount > 0, "Amount must be greater than zero");
Updates

Lead Judging Commences

yeahchibyke Lead Judge 14 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.