Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

The implementation `s_buyFee * amount` is incorrect

yaioxy

Root + Impact

Description

Normal behavior
When buying Snow tokens, the buyer should pay the token price plus a fee, where the fee is either:

a fixed amount added to the purchase, or

a rate applied to the purchase amount and scaled by PRECISION.

In buySnow, s_buyFee is stored as _buyFee * PRECISION, but later used as a raw multiplier: s_buyFee * amount.
This mixes fee semantics (fixed vs rate) and precision handling, resulting in incorrect fee calculation. The buyer either massively overpays or the logic becomes inconsistent with the intended design.

Risk

Likelihood:

Occurs on every buySnow call due to deterministic fee miscalculation
Triggered regardless of whether ETH or WETH is used

Impact:

Buyers pay an unintended and potentially extreme fee

Proof of Concept

Recommended Mitigation

Clarify fee semantics and apply correct arithmetic.

Option 1: Fixed fee

- s_buyFee = _buyFee * PRECISION;

+ s_buyFee = _buyFee;

- s_buyFee * amount

+ s_buyFee + amount

Option 2: Percentage fee

- s_buyFee = _buyFee * PRECISION;

+ s_buyFee = _buyFee;

- s_buyFee * amount

+ (s_buyFee * amount) / PRECISION

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 13 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!