AirDropper
AI First Flight #5
Beginner FriendlyDeFiFoundry
EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Multiple claims drainage

lordbolton

Root + Impact

Description

  • The MerkleAirdrop contract is designed to allow eligible users to claim their allocated tokens exactly once by providing a valid Merkle proof that verifies their address and amount are part of the airdrop distribution tree.

  • The contract has no mechanism to track which addresses have already claimed their tokens, allowing any eligible user to call the claim() function repeatedly with the same valid Merkle proof until the entire contract balance is drained.

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {
if (msg.value != FEE) {
revert MerkleAirdrop__InvalidFeeAmount();
}
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {
revert MerkleAirdrop__InvalidProof();
}
emit Claimed(account, amount);
// @> No check to prevent an address from claiming multiple times
// @> No storage variable tracking whether 'account' has already claimed
i_airdropToken.safeTransfer(account, amount);
}

Risk

Likelihood:

  • Any eligible user possesses a valid Merkle proof that permanently remains valid throughout the contract's lifetime

  • The claim function is public and can be called unlimited times with the same proof parameters

  • The attack requires minimal technical knowledge - simply calling the same function repeatedly with identical parameters

  • The 1 Gwei fee (approximately $0.000003 per claim) is negligible compared to the 25 USDC reward per claim, providing strong economic incentive

Impact:

  • Complete drainage of the airdrop contract - a single malicious user can claim all 100 USDC instead of their allocated 25 USDC

  • Denial of service for legitimate users who are left with no tokens to claim after the contract is drained

  • Loss of trust in the project as three out of four eligible users receive nothing from the airdrop

  • Owner loses all airdrop funds while still having invested gas costs for deployment and token transfers

Proof of Concept

Add the following test to MerkleAirdropTest.t.sol:

function testMultipleClaimsDrainContract() public {
uint256 startingBalance = token.balanceOf(collectorOne);
uint256 startingContractBalance = token.balanceOf(address(airdrop));
// Give collectorOne enough ETH for 4 claims (entire contract balance)
vm.deal(collectorOne, airdrop.getFee() * 4);
vm.startPrank(collectorOne);
// Claim 1 - Gets 25 USDC
airdrop.claim{value: airdrop.getFee()}(collectorOne, amountToCollect, proof);
// Claim 2 - Gets another 25 USDC (should fail but doesn't!)
airdrop.claim{value: airdrop.getFee()}(collectorOne, amountToCollect, proof);
// Claim 3 - Gets another 25 USDC
airdrop.claim{value: airdrop.getFee()}(collectorOne, amountToCollect, proof);
// Claim 4 - Gets final 25 USDC - CONTRACT COMPLETELY DRAINED
airdrop.claim{value: airdrop.getFee()}(collectorOne, amountToCollect, proof);
vm.stopPrank();
uint256 endingBalance = token.balanceOf(collectorOne);
uint256 endingContractBalance = token.balanceOf(address(airdrop));
// User received 4x their allocation
assertEq(endingBalance - startingBalance, amountToCollect * 4);
// Contract is completely drained
assertEq(endingContractBalance, 0);
// User stole the entire airdrop meant for 4 people
assertEq(endingBalance - startingBalance, startingContractBalance);
}

Recommended Mitigation

Add a mapping to track claimed addresses and check it before allowing claims:

contract MerkleAirdrop is Ownable {
using SafeERC20 for IERC20;
error MerkleAirdrop__InvalidFeeAmount();
error MerkleAirdrop__InvalidProof();
error MerkleAirdrop__TransferFailed();
+ error MerkleAirdrop__AlreadyClaimed();
uint256 private constant FEE = 1e9;
IERC20 private immutable i_airdropToken;
bytes32 private immutable i_merkleRoot;
+ mapping(address => bool) private hasClaimed;
event Claimed(address account, uint256 amount);
event MerkleRootUpdated(bytes32 newMerkleRoot);
constructor(bytes32 merkleRoot, IERC20 airdropToken) Ownable(msg.sender) {
i_merkleRoot = merkleRoot;
i_airdropToken = airdropToken;
}
function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {
+ if (hasClaimed[account]) {
+ revert MerkleAirdrop__AlreadyClaimed();
+ }
if (msg.value != FEE) {
revert MerkleAirdrop__InvalidFeeAmount();
}
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {
revert MerkleAirdrop__InvalidProof();
}
+ hasClaimed[account] = true;
emit Claimed(account, amount);
i_airdropToken.safeTransfer(account, amount);
}
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 3 days ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-02] Eligible users can claim their airdrop amounts over and over again, draining the contract

## Description A user eligible for the airdrop can verify themselves as being part of the merkle tree and claim their airdrop amount. However, there is no mechanism enabled to track the users who have already claimed their airdrop, and the merkle tree is still composed of the same user. This allows users to drain the `MerkleAirdrop` contract by calling the `MerkleAirdrop::claim()` function over and over again. ## Impact **Severity: High**<br/>**Likelihood: High** A malicious user can call the `MerkleAirdrop::claim()` function over and over again until the contract is drained of all its funds. This also means that other users won't be able to claim their airdrop amounts. ## Proof of Code Add the following test to `./test/MerkleAirdrop.t.sol`, ```javascript function testClaimAirdropOverAndOverAgain() public { vm.deal(collectorOne, airdrop.getFee() * 4); for (uint8 i = 0; i < 4; i++) { vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } assertEq(token.balanceOf(collectorOne), 100e6); } ``` The test passes, and the malicious user has drained the contract of all its funds. ## Recommended Mitigation Use a mapping to store the addresses that have claimed their airdrop amounts. Check and update this mapping each time a user tries to claim their airdrop amount. ```diff contract MerkleAirdrop is Ownable { using SafeERC20 for IERC20; error MerkleAirdrop__InvalidFeeAmount(); error MerkleAirdrop__InvalidProof(); error MerkleAirdrop__TransferFailed(); + error MerkleAirdrop__AlreadyClaimed(); uint256 private constant FEE = 1e9; IERC20 private immutable i_airdropToken; bytes32 private immutable i_merkleRoot; + mapping(address user => bool claimed) private s_hasClaimed; ... function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable { + if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed(); if (msg.value != FEE) { revert MerkleAirdrop__InvalidFeeAmount(); } bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert MerkleAirdrop__InvalidProof(); } + s_hasClaimed[account] = true; emit Claimed(account, amount); i_airdropToken.safeTransfer(account, amount); } ``` Now, let's unit test the changes, ```javascript function testCannotClaimAirdropMoreThanOnceAnymore() public { vm.deal(collectorOne, airdrop.getFee() * 2); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } ``` The test correctly fails, with the following logs, ```shell Failing tests: Encountered 1 failing test in test/MerkleAirdropTest.t.sol:MerkleAirdropTest [FAIL. Reason: MerkleAirdrop__AlreadyClaimed()] testCannotClaimAirdropMoreThanOnceAnymore() (gas: 96751) ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!