Snowman Merkle Airdrop

First Flight #42

Beginner FriendlyFoundrySolidityNFT

100 EXP

View all submissions

Previous Next

Submission Details

Impact: high

Likelihood: low

Array Growth DoS Risk

Author Revealed upon completion

Root + Impact

Description

Unbounded s_claimers array may cause gas exhaustion
If implemented in future, this unbounded array could be appended with each claimant's address. Over time, this could make certain function calls (e.g., mass withdrawals or enumeration) expensive and fail.
Although currently unused, an ever‑growing s_claimers array (if later populated) will require unbounded storage and iteration, leading to escalating gas costs and eventual out‑of‑gas errors.

// Root cause in the codebase with @> marks to highlight the relevant section

Risk

Likelihood:

Reason 1 // Describe WHEN this will occur (avoid using "if" statements)
Reason 2 // DoS via gas exhaustion can compromise contract availability.
Reason 3 // While s_claimers is unused today, any future use (e.g. tracking addresses) will escalate gas costs as the list grows.

Impact:

Impact 1 Risk of out-of-gas errors if the array is used in state-changing loops.
Impact 2 Network congestion or repeated claims could render critical functions unusable, locking out legitimate users.

Proof of Concept

//Suppose s_claimers is later appended during claim:

solidity

Copy

Edit

s_claimers.push(receiver);

//Calling this 1 million times via a script:

for (let i = 0; i < 1_000_000; i++) {

await snowmanAirdrop.claimSnowman(user, merkleProof, v, r, s);

}

//Now any function that iterates over s_claimers (e.g. refund, airdrop) will run out of gas:

function refundAll() external {

for (uint i = 0; i < s_claimers.length; i++) {

payable(s_claimers[i]).transfer(0.01 ether); // likely to revert

}

Recommended Mitigation

- remove this code

// Declared at contract top:

address[] private s_claimers;

+ add this code

- address[] private s_claimers;

+ // Removed unused array. Use mapping(address => bool) for claim tracking if needed.

Rewards breakdown

nSLOC

215

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.