AirDropper
AI First Flight #5
Beginner FriendlyDeFiFoundry
EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Missing claim tracking allows eligible addresses to drain the entire airdrop by claiming multiple times

sexretxt

Description

  • The claim() function is designed to allow each eligible address to claim their allocated 25 USDC exactly once by verifying a merkle proof against the stored root.

  • However, the contract does not record whether an address has already claimed. Because no state is written after a successful claim, the same valid merkle proof can be reused indefinitely in subsequent calls, allowing an eligible address to drain the entire contract balance.

function claim(address account, uint256 amount, bytes32[] calldata merkleProof)
external payable {
if (msg.value != FEE) revert MerkleAirdrop__InvalidFeeAmount();
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
// @> No check whether account has already claimed
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf))
revert MerkleAirdrop__InvalidProof();
// @> No state variable is updated to mark this account as claimed
emit Claimed(account, amount);
// @> safeTransfer executes unconditionally on every call with a valid proof
i_airdropToken.safeTransfer(account, amount);
}

Risk

Likelihood:

  • Any of the four eligible addresses calls claim() more than once using the same merkle proof — the contract has no mechanism to detect or prevent repeated calls

  • A third party reconstructs a valid proof from the public makeMerkle.js output and the on-chain merkle root, then repeatedly calls claim() on behalf of an eligible address

Impact:

  • The entire contract token balance (100 USDC) can be drained by a single eligible address at a total cost of only 4 × 1 Gwei in ETH fees

  • All other eligible addresses are permanently unable to claim their allocation, as the contract becomes fully insolvent

Proof of Concept

The root cause is that claim() has no memory between calls — every invocation with a valid proof is treated as a fresh, legitimate claim. An attacker who holds one of the four eligible addresses (or obtains a valid proof, which is reconstructable from the public makeMerkle.js output) can exploit this by simply calling claim() repeatedly. Each call independently passes both the fee check and the merkle proof verification, so tokens are transferred on every invocation with no limit. The following steps show how the full 100 USDC can be drained at negligible cost:

// Conceptual attack flow:
//
// 1. Attacker is one of the four eligible addresses with a valid merkle proof
//
// 2. Attacker calls claim() four times with the same proof:
// airdrop.claim{value: 1e9}(attacker, 25e6, validProof); // receives 25 USDC
// airdrop.claim{value: 1e9}(attacker, 25e6, validProof); // receives 25 USDC again
// airdrop.claim{value: 1e9}(attacker, 25e6, validProof); // receives 25 USDC again
// airdrop.claim{value: 1e9}(attacker, 25e6, validProof); // receives 25 USDC again
//
// 3. Each call passes both checks:
// - msg.value == FEE → true (1 Gwei sent each time)
// - MerkleProof.verify(...) → true (same valid proof reused)
//
// 4. No state prevents re-entry:
// - s_hasClaimed[attacker] does not exist
// - safeTransfer executes on every call
//
// 5. Final state:
// - attacker balance : 100 USDC (4x the intended 25 USDC)
// - contract balance : 0 USDC (fully drained)
// - other 3 claimants: 0 USDC (nothing left to claim)
// - total ETH spent : 4 Gwei (~$0.00001)

Recommended Mitigation

Introduce a mapping(address => bool) to permanently record each address that has successfully claimed. The check must be placed at the top of the function (before any other logic), and the state update must be written before the external safeTransfer() call to follow the Checks-Effects-Interactions pattern and prevent any reentrancy risk from future token integrations.

+ mapping(address => bool) private s_hasClaimed;
+ error MerkleAirdrop__AlreadyClaimed();
function claim(address account, uint256 amount, bytes32[] calldata merkleProof)
external payable {
+ if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed();
if (msg.value != FEE) revert MerkleAirdrop__InvalidFeeAmount();
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf))
revert MerkleAirdrop__InvalidProof();
+ s_hasClaimed[account] = true;
emit Claimed(account, amount);
i_airdropToken.safeTransfer(account, amount);
}
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-02] Eligible users can claim their airdrop amounts over and over again, draining the contract

## Description A user eligible for the airdrop can verify themselves as being part of the merkle tree and claim their airdrop amount. However, there is no mechanism enabled to track the users who have already claimed their airdrop, and the merkle tree is still composed of the same user. This allows users to drain the `MerkleAirdrop` contract by calling the `MerkleAirdrop::claim()` function over and over again. ## Impact **Severity: High**<br/>**Likelihood: High** A malicious user can call the `MerkleAirdrop::claim()` function over and over again until the contract is drained of all its funds. This also means that other users won't be able to claim their airdrop amounts. ## Proof of Code Add the following test to `./test/MerkleAirdrop.t.sol`, ```javascript function testClaimAirdropOverAndOverAgain() public { vm.deal(collectorOne, airdrop.getFee() * 4); for (uint8 i = 0; i < 4; i++) { vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } assertEq(token.balanceOf(collectorOne), 100e6); } ``` The test passes, and the malicious user has drained the contract of all its funds. ## Recommended Mitigation Use a mapping to store the addresses that have claimed their airdrop amounts. Check and update this mapping each time a user tries to claim their airdrop amount. ```diff contract MerkleAirdrop is Ownable { using SafeERC20 for IERC20; error MerkleAirdrop__InvalidFeeAmount(); error MerkleAirdrop__InvalidProof(); error MerkleAirdrop__TransferFailed(); + error MerkleAirdrop__AlreadyClaimed(); uint256 private constant FEE = 1e9; IERC20 private immutable i_airdropToken; bytes32 private immutable i_merkleRoot; + mapping(address user => bool claimed) private s_hasClaimed; ... function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable { + if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed(); if (msg.value != FEE) { revert MerkleAirdrop__InvalidFeeAmount(); } bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert MerkleAirdrop__InvalidProof(); } + s_hasClaimed[account] = true; emit Claimed(account, amount); i_airdropToken.safeTransfer(account, amount); } ``` Now, let's unit test the changes, ```javascript function testCannotClaimAirdropMoreThanOnceAnymore() public { vm.deal(collectorOne, airdrop.getFee() * 2); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } ``` The test correctly fails, with the following logs, ```shell Failing tests: Encountered 1 failing test in test/MerkleAirdropTest.t.sol:MerkleAirdropTest [FAIL. Reason: MerkleAirdrop__AlreadyClaimed()] testCannotClaimAirdropMoreThanOnceAnymore() (gas: 96751) ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!