Snowman Merkle Airdrop

First Flight #42
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: low
Valid

H-3 Zero-Amount Buys in `Snow::buySnow` Allow Users to Reset s_earnTimer and Block Earn Rewards

Root + Impact

Description

The buySnow function sets s_earnTimer to block.timestamp even when amount == 0. This allows any user to repeatedly call buySnow(0), paying no fee, to reset the cooldown timer that earnSnow() enforces.

As a result, any user — or malicious actor — could block others from minting Snow via earn rewards, since earnSnow() checks this timer:

if (block.timestamp < (s_earnTimer + 1 weeks)) {
revert S__Timer();
}

This effectively enables a denial-of-earn-reward attack, making farming unreliable or entirely inaccessible.

Risk

Likelihood:

  • Anyone can call buySnow(0) at any time, even without paying fees.

Impact:

  • Completely breaks the reward earning mechanism.

Proof of Concept

// Attacker repeatedly calls:
buySnow(0); // Free call, no fee paid
// Each call does:
s_earnTimer = block.timestamp;
// Now any user calling:
earnSnow(); // Reverts due to s_earnTimer being freshly reset

Recommended Mitigation

Prevent zero-amount buys completely:

+ require(amount > 0, "Amount must be greater than zero");
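The following Foundry test is an added example, not code from the Snowman Merkle Airdrop repository: it models only the timer logic this finding describes (the contract, the S__ZeroAmount error, the hardened flag, and the assumption that a successful earn also restarts the cooldown are all mine) and shows the zero-amount buy locking another user out of earnSnow, then the recommended check preventing it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Minimal model of the timer logic in the finding (not the audited Snow contract).
// The `hardened` flag toggles the recommended `amount > 0` check.
contract SnowModel {
    error S__Timer();
    error S__ZeroAmount();
    uint256 public s_earnTimer;
    bool public immutable i_hardened;
    mapping(address => uint256) public balanceOf;
    constructor(bool hardened) { i_hardened = hardened; s_earnTimer = block.timestamp; }

    function buySnow(uint256 amount) external {
        // Recommended mitigation: reject zero-amount buys before the timer is touched.
        if (i_hardened && amount == 0) revert S__ZeroAmount();
        balanceOf[msg.sender] += amount;
        s_earnTimer = block.timestamp; // reset on every call, even when amount == 0
    }
    function earnSnow() external {
        if (block.timestamp < (s_earnTimer + 1 weeks)) revert S__Timer();
        s_earnTimer = block.timestamp; // assumption: a successful earn also restarts the cooldown
        balanceOf[msg.sender] += 1;
    }
}

contract SnowTimerTest is Test {
    address attacker = makeAddr("attacker");
    address farmer = makeAddr("farmer");

    function test_ZeroBuyResetsTimerAndBlocksEarn() public {
        SnowModel snow = new SnowModel(false);
        vm.warp(block.timestamp + 1 weeks); // the one-week cooldown has elapsed
        vm.prank(attacker);
        snow.buySnow(0); // free call, resets s_earnTimer to now
        vm.prank(farmer);
        vm.expectRevert(SnowModel.S__Timer.selector);
        snow.earnSnow(); // farmer is locked out for another week
    }

    function test_HardenedRejectsZeroBuy() public {
        SnowModel snow = new SnowModel(true);
        vm.warp(block.timestamp + 1 weeks);
        vm.prank(attacker);
        vm.expectRevert(SnowModel.S__ZeroAmount.selector);
        snow.buySnow(0); // rejected, timer untouched
        vm.prank(farmer);
        snow.earnSnow(); // earn succeeds
    }
}
```

Run with `forge test` in a Foundry project that has forge-std installed; both tests pass, which confirms the reset-by-zero-buy behaviour and that the `amount > 0` check removes it.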

Updates

Lead Judging Commences

yeahchibyke Lead Judge 14 days ago
Submission Judgement Published
Validated
Assigned finding tags:

buying of snow resets global timer thus affecting earning of free snow

When buySnow is successfully called, the global timer is reset. This inadvertently affects the earning of snow as that particular action also depends on the global timer.
