AirDropper

AI First Flight #5

Beginner FriendlyDeFiFoundry

EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: low

Invalid

Strict msg.value != FEE check reverts on any overpayment with no refund, a denial-of-service to careless claimers

sub99

Strict fee equality check reverts on any overpayment and never refunds excess, causing a denial of service for overpaying claimants

Description

claim() enforces msg.value != FEE as a strict equality. A claimant who attaches even slightly more than FEE (e.g. due to UI rounding or a higher-value attempt) is reverted, and no refund path exists for excess ETH.

function claim(address account, uint256 amount, bytes32[] calldata merkleProof) external payable {

if (msg.value != FEE) { // @> strict equality reverts on overpayment; no refund of excess

revert MerkleAirdrop__InvalidFeeAmount();

}

(src/MerkleAirdrop.sol:30-33)

Risk

Likelihood: Low

It only affects claimants who do not send exactly FEE. With a known constant fee a correct integration sends the exact amount, so this mostly hits hand-crafted or imprecise transactions.

Impact: Low

An overpaying claimant's transaction reverts (wasting gas) and they cannot claim until they retry with the exact value. There is no fund loss beyond gas, but it is a usability/availability papercut, and combined with eventual rejection it can block legitimate users who round up.

Proof of Concept

Sending FEE + 1 wei reverts instead of accepting the claim and refunding the surplus.

function test_overpaymentReverts() public {

vm.expectRevert(MerkleAirdrop.MerkleAirdrop__InvalidFeeAmount.selector);

airdrop.claim{value: airdrop.getFee() + 1}(account, amount, proof);

}

Recommended Mitigation

Accept at least FEE and refund the remainder, or clearly document that an exact fee is required.

- if (msg.value != FEE) {

+ if (msg.value < FEE) {

revert MerkleAirdrop__InvalidFeeAmount();

}

+ uint256 excess = msg.value - FEE;

+ if (excess > 0) {

+ (bool ok,) = payable(msg.sender).call{ value: excess }("");

+ if (!ok) revert MerkleAirdrop__TransferFailed();

+ }

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 3 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!