Missing Claim Tracking Enables Merkle Proof Replay and Complete Airdrop Token Drain
Missing Claim Tracking Enables Merkle Proof Replay and Complete Airdrop Token Drain
Description
-
The
claimfunction is intended to allow each eligible user to claim their airdropped tokens exactly once by submitting a valid Merkle proof for their(account, amount)pair and paying the required fee. After a successful claim, the user should no longer be able to claim the same allocation again. -
The contract does not record or track whether a Merkle leaf or address has already claimed, so the same valid Merkle proof can be reused multiple times. As a result, an attacker can repeatedly call
claimwith the same proof and drain the airdrop token balance far beyond the intended one-time allocation.
Risk
Likelihood:
This occurs whenever a claimant submits a valid Merkle proof more than once, since the contract does not update or check any on-chain state to prevent reuse of the same
(account, amount)leaf across multipleclaimcalls.
Impact:
-
An attacker can repeatedly reuse a valid Merkle proof to claim tokens multiple times, eventually draining the entire airdrop token balance held by the contract.
-
Once the token balance is exhausted, eligible users are unable to claim their intended allocations.
-
The airdrop mechanism becomes unreliable, undermining user confidence and harming the protocol’s reputation
-
The project may need to compensate affected users or redeploy a corrected contract, incurring additional operational and reputational costs.
Proof of Concept
add this test in the test file:
When you run it, the test will pass showing that a user could call the function more than once to claim more airdrop than expected:
```
$ forge test --mt testDoubleClaim
[⠊] Compiling...
[⠘] Compiling 1 files with Solc 0.8.24
[⠃] Solc 0.8.24 finished in 738.58ms
Compiler run successful!
Ran 1 test for test/MerkleAirdropTest.t.sol:MerkleAirdropTest
[PASS] testDoubleClaim() (gas: 92888)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.10ms (235.20µs CPU time)
Ran 1 test suite in 32.52ms (1.10ms CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)
```
Recommended Mitigation
Protocol should track who has claimed.
add the following
Lead Judging Commences
[H-02] Eligible users can claim their airdrop amounts over and over again, draining the contract
## Description A user eligible for the airdrop can verify themselves as being part of the merkle tree and claim their airdrop amount. However, there is no mechanism enabled to track the users who have already claimed their airdrop, and the merkle tree is still composed of the same user. This allows users to drain the `MerkleAirdrop` contract by calling the `MerkleAirdrop::claim()` function over and over again. ## Impact **Severity: High**<br/>**Likelihood: High** A malicious user can call the `MerkleAirdrop::claim()` function over and over again until the contract is drained of all its funds. This also means that other users won't be able to claim their airdrop amounts. ## Proof of Code Add the following test to `./test/MerkleAirdrop.t.sol`, ```javascript function testClaimAirdropOverAndOverAgain() public { vm.deal(collectorOne, airdrop.getFee() * 4); for (uint8 i = 0; i < 4; i++) { vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } assertEq(token.balanceOf(collectorOne), 100e6); } ``` The test passes, and the malicious user has drained the contract of all its funds. ## Recommended Mitigation Use a mapping to store the addresses that have claimed their airdrop amounts. Check and update this mapping each time a user tries to claim their airdrop amount. ```diff contract MerkleAirdrop is Ownable { using SafeERC20 for IERC20; error MerkleAirdrop__InvalidFeeAmount(); error MerkleAirdrop__InvalidProof(); error MerkleAirdrop__TransferFailed(); + error MerkleAirdrop__AlreadyClaimed(); uint256 private constant FEE = 1e9; IERC20 private immutable i_airdropToken; bytes32 private immutable i_merkleRoot; + mapping(address user => bool claimed) private s_hasClaimed; ... function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable { + if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed(); if (msg.value != FEE) { revert MerkleAirdrop__InvalidFeeAmount(); } bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert MerkleAirdrop__InvalidProof(); } + s_hasClaimed[account] = true; emit Claimed(account, amount); i_airdropToken.safeTransfer(account, amount); } ``` Now, let's unit test the changes, ```javascript function testCannotClaimAirdropMoreThanOnceAnymore() public { vm.deal(collectorOne, airdrop.getFee() * 2); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } ``` The test correctly fails, with the following logs, ```shell Failing tests: Encountered 1 failing test in test/MerkleAirdropTest.t.sol:MerkleAirdropTest [FAIL. Reason: MerkleAirdrop__AlreadyClaimed()] testCannotClaimAirdropMoreThanOnceAnymore() (gas: 96751) ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.