AirDropper

AI First Flight #5

Beginner FriendlyDeFiFoundry

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Missing Claim Tracking in claim() — Complete Airdrop Pool Drain via Proof Replay

kivanov

Missing Claim Tracking in claim() — Complete Airdrop Pool Drain via Proof Replay

Description

Vulnerable Contract: src/MerkleAirdrop.sol (lines 30–39, function claim())

The MerkleAirdrop contract distributes ERC-20 tokens to eligible addresses verified via Merkle proofs. Each eligible address should be able to claim their allocation exactly once.

The claim() function verifies the Merkle proof and fee payment but does not track whether an account has already claimed. There is no mapping(address => bool) hasClaimed or any equivalent state. This allows the same valid proof to be replayed unlimited times, transferring amount tokens on each call until the contract's token balance is exhausted.

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {

if (msg.value != FEE) {

revert MerkleAirdrop__InvalidFeeAmount();

}

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert MerkleAirdrop__InvalidProof();

}

@> // No hasClaimed[account] check — replay is unrestricted

@> // No s_hasClaimed[account] = true; — no state written

emit Claimed(account, amount);

i_airdropToken.safeTransfer(account, amount);

}

Risk

Location: src/MerkleAirdrop.sol, function claim(), lines 30–39

Likelihood: High

Any caller who possesses a valid Merkle proof can replay the claim() call indefinitely. Merkle proofs are deterministic and leaked via the Claimed event. No special tools or conditions are needed — a simple loop suffices to drain the pool.

Impact: High

Complete drain of the airdrop token pool. All eligible users lose their allocations. In the test deployment, 100 USDC (4 users × 25 USDC) is extractable by a single user in 4 transactions at a cost of 4 gwei. Direct fund theft of 100% of contract balance.

Severity: Critical

Proof of Concept

An eligible claimer calls claim() 4 consecutive times with the same valid proof. Each call succeeds because no replay protection exists. The pool balance drops from 100,000,000 to 0, and the claimer receives 4× their intended allocation.

function test_SEED01_doubleClaimReplay() public {

uint256 fee = airdrop.getFee();

vm.deal(collectorOne, fee * 4);

vm.startPrank(collectorOne);

// Claim #1-4: all succeed, no replay protection

airdrop.claim{value: fee}(collectorOne, amountToCollect, proof); // bal: 75M

airdrop.claim{value: fee}(collectorOne, amountToCollect, proof); // bal: 50M

airdrop.claim{value: fee}(collectorOne, amountToCollect, proof); // bal: 25M

airdrop.claim{value: fee}(collectorOne, amountToCollect, proof); // bal: 0

vm.stopPrank();

// PROOF: pool completely drained

assertEq(token.balanceOf(address(airdrop)), 0);

assertEq(token.balanceOf(collectorOne), amountToCollect * 4);

}

// Result: [PASS] (gas: 146559) — pool drained from 100M to 0

Recommended Mitigation

Add a hasClaimed mapping to enforce single-use claims. The state update must occur before the external call to follow the Checks-Effects-Interactions pattern, preventing reentrancy amplification.

+ mapping(address => bool) private s_hasClaimed;

+ error MerkleAirdrop__AlreadyClaimed();

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {

+ if (s_hasClaimed[account]) {

+ revert MerkleAirdrop__AlreadyClaimed();

+ }

if (msg.value != FEE) {

revert MerkleAirdrop__InvalidFeeAmount();

}

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert MerkleAirdrop__InvalidProof();

}

+ s_hasClaimed[account] = true;

emit Claimed(account, amount);

i_airdropToken.safeTransfer(account, amount);

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Eligible users can claim their airdrop amounts over and over again, draining the contract

## Description A user eligible for the airdrop can verify themselves as being part of the merkle tree and claim their airdrop amount. However, there is no mechanism enabled to track the users who have already claimed their airdrop, and the merkle tree is still composed of the same user. This allows users to drain the `MerkleAirdrop` contract by calling the `MerkleAirdrop::claim()` function over and over again. ## Impact **Severity: High**<br/>**Likelihood: High** A malicious user can call the `MerkleAirdrop::claim()` function over and over again until the contract is drained of all its funds. This also means that other users won't be able to claim their airdrop amounts. ## Proof of Code Add the following test to `./test/MerkleAirdrop.t.sol`, ```javascript function testClaimAirdropOverAndOverAgain() public { vm.deal(collectorOne, airdrop.getFee() * 4); for (uint8 i = 0; i < 4; i++) { vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } assertEq(token.balanceOf(collectorOne), 100e6); } ``` The test passes, and the malicious user has drained the contract of all its funds. ## Recommended Mitigation Use a mapping to store the addresses that have claimed their airdrop amounts. Check and update this mapping each time a user tries to claim their airdrop amount. ```diff contract MerkleAirdrop is Ownable { using SafeERC20 for IERC20; error MerkleAirdrop__InvalidFeeAmount(); error MerkleAirdrop__InvalidProof(); error MerkleAirdrop__TransferFailed(); + error MerkleAirdrop__AlreadyClaimed(); uint256 private constant FEE = 1e9; IERC20 private immutable i_airdropToken; bytes32 private immutable i_merkleRoot; + mapping(address user => bool claimed) private s_hasClaimed; ... function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable { + if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed(); if (msg.value != FEE) { revert MerkleAirdrop__InvalidFeeAmount(); } bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert MerkleAirdrop__InvalidProof(); } + s_hasClaimed[account] = true; emit Claimed(account, amount); i_airdropToken.safeTransfer(account, amount); } ``` Now, let's unit test the changes, ```javascript function testCannotClaimAirdropMoreThanOnceAnymore() public { vm.deal(collectorOne, airdrop.getFee() * 2); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } ``` The test correctly fails, with the following logs, ```shell Failing tests: Encountered 1 failing test in test/MerkleAirdropTest.t.sol:MerkleAirdropTest [FAIL. Reason: MerkleAirdrop__AlreadyClaimed()] testCannotClaimAirdropMoreThanOnceAnymore() (gas: 96751) ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!