claimSnowman function faces DoS when a malicious user frontruns and transfers an additional snow token, thus preventing users to claim their aidrop nft.
Root + Impact
Root Cause
The claimSnowman function derives the claim amount dynamically from the user’s current Snow token balance:
This value is then used to:
Construct the Merkle leaf
Verify inclusion against the Merkle root
However, the Merkle tree was constructed using a fixed snapshot of balances, meaning the expected amount must match exactly. Any deviation in the user’s balance at execution time results in a different leaf and invalid proof.
Impact
Denial of Service (DoS) for legitimate users
A user’s claim can be invalidated if their balance changes before transaction executionGriefing attack vector
An attacker can front-run a user’s claim transaction by transferring a small amount ofSnowtokens to the user, altering their balance and causing the Merkle proof to fail
Description
Under normal behavior, Merkle-based airdrops rely on a fixed dataset (e.g.,
(address, amount)pairs) computed off-chain. During claim, the contract should verify against this fixed data, independent of mutable on-chain state.In the current implementation, the claim logic depends on the user’s live token balance, which can change between transaction submission and execution. Since the Merkle proof expects an exact
(receiver, amount)pair, any balance change (even by 1 wei) results in a mismatch and causes the claim to revert.
Risk
Likelihood:
Occurs when a user submits a claim transaction that remains pending in the mempool
Occurs when any third party transfers tokens to the claimant before the transaction is mined
Impact:
Valid claims can be permanently blocked or repeatedly fail
Attackers can grief users at negligible cost by sending minimal token amounts
Recommended Mitigation
Using merkle proof for this validation seems totally irrelevant, as the invariant says that user should be able to claim nft equal to their snow token balance, but utilizing merkle proof for this is not at all required as the proof can be generated directly by looking at the user's token balance and mainting how much of the token they have claimed.
Lead Judging Commences
[M-01] DoS to a user trying to claim a Snowman
# Root + Impact ## Description * Users will approve a specific amount of Snow to the SnowmanAirdrop and also sign a message with their address and that same amount, in order to be able to claim the NFT * Because the current amount of Snow owned by the user is used in the verification, an attacker could forcefully send Snow to the receiver in a front-running attack, to prevent the receiver from claiming the NFT.  ```Solidity function getMessageHash(address receiver) public view returns (bytes32) { ... // @audit HIGH An attacker could send 1 wei of Snow token to the receiver and invalidate the signature, causing the receiver to never be able to claim their Snowman uint256 amount = i_snow.balanceOf(receiver); return _hashTypedDataV4( keccak256(abi.encode(MESSAGE_TYPEHASH, SnowmanClaim({receiver: receiver, amount: amount}))) ); ``` ## Risk **Likelihood**: * The attacker must purchase Snow and forcefully send it to the receiver in a front-running attack, so the likelihood is Medium **Impact**: * The impact is High as it could lock out the receiver from claiming forever ## Proof of Concept The attack consists on Bob sending an extra Snow token to Alice before Satoshi claims the NFT on behalf of Alice. To showcase the risk, the extra Snow is earned for free by Bob. ```Solidity function testDoSClaimSnowman() public { assert(snow.balanceOf(alice) == 1); // Get alice's digest while the amount is still 1 bytes32 alDigest = airdrop.getMessageHash(alice); // alice signs a message (uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest); vm.startPrank(bob); vm.warp(block.timestamp + 1 weeks); snow.earnSnow(); assert(snow.balanceOf(bob) == 2); snow.transfer(alice, 1); // Alice claim test assert(snow.balanceOf(alice) == 2); vm.startPrank(alice); snow.approve(address(airdrop), 1); // satoshi calls claims on behalf of alice using her signed message vm.startPrank(satoshi); vm.expectRevert(); airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS); } ``` ## Recommended Mitigation Include the amount to be claimed in both `getMessageHash` and `claimSnowman` instead of reading it from the Snow contract. Showing only the new code in the section below ```Python function claimSnowman(address receiver, uint256 amount, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { ... bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert SA__InvalidProof(); } // @audit LOW Seems like using the ERC20 permit here would allow for both the delegation of the claim and the transfer of the Snow tokens in one transaction i_snow.safeTransferFrom(receiver, address(this), amount); // send ... } ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.