claim() has no double-claim protection allowing users to drain entire airdrop balance
Root + Impact
claim() does not track which addresses have already claimed. The same merkle proof can be reused unlimited times, allowing any eligible address to drain the entire airdrop token balance for near-zero cost.
Description
claim() function never records that an address has claimed:
function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {
if (msg.value != FEE) revert MerkleAirdrop__InvalidFeeAmount();
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) revert MerkleAirdrop__InvalidProof();
emit Claimed(account, amount);
i_airdropToken.safeTransfer(account, amount); // transfers every call
}
No mapping(address => bool) hasClaimed exists. The merkle proof remains valid after claiming. The protocol invariant "each address claims exactly once" is never enforced on-chain.
State machine violation:
Expected: Unclaimed → Claimed (one-way, irreversible)
Actual: Unclaimed → Unclaimed (no state change recorded)
Risk
Any eligible address can call claim() unlimited times
Each call costs only 1e9 wei (~$0.000003) in fees
Each call returns 25 USDC
Attack ROI: 25,000,000x per call
All 4 eligible addresses lose their entitlement once balance is drained
Total airdrop of 100 USDC fully drained for under $0.001 in fees
Proof of Concept
Eligible address calls claim(account, 25e6, proof) paying 1e9 wei
Receives 25 USDC — no hasClaimed state updated
Calls claim() again with same proof — receives another 25 USDC
Repeats until contract balance is zero
Other 3 eligible users can no longer claim their entitlement
function test_H01_DoubleClaim() public {
uint256 balanceBefore = airdropToken.balanceOf(address(merkleAirdrop));
vm.prank(user);
merkleAirdrop.claim{value: FEE}(user, AMOUNT, proof);
vm.prank(user);
merkleAirdrop.claim{value: FEE}(user, AMOUNT, proof);
uint256 balanceAfter = airdropToken.balanceOf(address(merkleAirdrop));
assertEq(balanceAfter, balanceBefore - (AMOUNT * 2));
}
Recommended Mitigation
Add a hasClaimed mapping and check before transferring:
mapping(address => bool) private s_hasClaimed;
function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {
if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed();
if (msg.value != FEE) revert MerkleAirdrop__InvalidFeeAmount();
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) revert MerkleAirdrop__InvalidProof();
s_hasClaimed[account] = true;
emit Claimed(account, amount);
i_airdropToken.safeTransfer(account, amount);
}
Lead Judging Commences
[H-02] Eligible users can claim their airdrop amounts over and over again, draining the contract
## Description A user eligible for the airdrop can verify themselves as being part of the merkle tree and claim their airdrop amount. However, there is no mechanism enabled to track the users who have already claimed their airdrop, and the merkle tree is still composed of the same user. This allows users to drain the `MerkleAirdrop` contract by calling the `MerkleAirdrop::claim()` function over and over again. ## Impact **Severity: High**<br/>**Likelihood: High** A malicious user can call the `MerkleAirdrop::claim()` function over and over again until the contract is drained of all its funds. This also means that other users won't be able to claim their airdrop amounts. ## Proof of Code Add the following test to `./test/MerkleAirdrop.t.sol`, ```javascript function testClaimAirdropOverAndOverAgain() public { vm.deal(collectorOne, airdrop.getFee() * 4); for (uint8 i = 0; i < 4; i++) { vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } assertEq(token.balanceOf(collectorOne), 100e6); } ``` The test passes, and the malicious user has drained the contract of all its funds. ## Recommended Mitigation Use a mapping to store the addresses that have claimed their airdrop amounts. Check and update this mapping each time a user tries to claim their airdrop amount. ```diff contract MerkleAirdrop is Ownable { using SafeERC20 for IERC20; error MerkleAirdrop__InvalidFeeAmount(); error MerkleAirdrop__InvalidProof(); error MerkleAirdrop__TransferFailed(); + error MerkleAirdrop__AlreadyClaimed(); uint256 private constant FEE = 1e9; IERC20 private immutable i_airdropToken; bytes32 private immutable i_merkleRoot; + mapping(address user => bool claimed) private s_hasClaimed; ... function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable { + if (s_hasClaimed[account]) revert MerkleAirdrop__AlreadyClaimed(); if (msg.value != FEE) { revert MerkleAirdrop__InvalidFeeAmount(); } bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(account, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert MerkleAirdrop__InvalidProof(); } + s_hasClaimed[account] = true; emit Claimed(account, amount); i_airdropToken.safeTransfer(account, amount); } ``` Now, let's unit test the changes, ```javascript function testCannotClaimAirdropMoreThanOnceAnymore() public { vm.deal(collectorOne, airdrop.getFee() * 2); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); vm.prank(collectorOne); airdrop.claim{ value: airdrop.getFee() }(collectorOne, amountToCollect, proof); } ``` The test correctly fails, with the following logs, ```shell Failing tests: Encountered 1 failing test in test/MerkleAirdropTest.t.sol:MerkleAirdropTest [FAIL. Reason: MerkleAirdrop__AlreadyClaimed()] testCannotClaimAirdropMoreThanOnceAnymore() (gas: 96751) ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.