Snowman Merkle Airdrop

AI First Flight #10
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: high
Likelihood: high
Invalid

Same signature is used multiple times

Root + Impact

Description

  • When a user claims Snowman NFTs using a signature, the signature should be usable only once. After a successful claim, the signature should no longer be valid.

  • The contract does not use a nonce or any mechanism to mark a signature as used.

  • As a result, the same signature can be reused multiple times to call the 'claimSnowman' function, allowing repeated NFT claims.

// Root cause: no nonce or signature-used tracking
@> function _isValidSignature(address receiver, bytes32 digest, uint8 v, bytes32 r, bytes32 s)

Risk

Likelihood:

  • This occurs whenever a valid signature is reused to call the 'claimSnowman' function multiple times.

  • The same signed message remains valid indefinitely because the contract does not invalidate it after use.

Impact:

  • Impact 1: Attackers can replay a single valid signature to mint Snowman NFTs multiple times.

  • Impact 2: This breaks the intended one-time authorization mechanism and leads to excess NFT minting.

Proof of Concept

// 1. Receiver signs a valid SnowmanClaim message once
// 2. Attacker submits the signature to claim Snowman NFTs
// 3. The same signature is reused to call claimSnowman again
// 4. The contract accepts the reused signature and mints NFTs again
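The one-time-use property the description asks for, shown as an added illustration: this is not the Snowman contract's code and says nothing about whether that contract actually lacks such a check (see the judging outcome under Updates). The contract name `NonceBoundClaim`, the `claim`/`digestFor` functions, the `nonces` and `minted` mappings and the `CLAIM_TYPEHASH` string are all hypothetical. The nonce is read from storage and included in the signed digest, so the digest for a consumed (receiver, nonce) pair can never be reproduced, and a replayed signature fails `ecrecover` comparison.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (not the Snowman contract): a claim authorised by an
// EIP-712-style signature that is bound to a per-receiver nonce, so each
// signature is consumable exactly once. All names here are hypothetical.
contract NonceBoundClaim {
    // The nonce is part of the typed struct, so it is covered by the signature.
    bytes32 public constant CLAIM_TYPEHASH =
        keccak256("Claim(address receiver,uint256 amount,uint256 nonce)");
    bytes32 public immutable DOMAIN_SEPARATOR;

    mapping(address => uint256) public nonces;  // next nonce expected per receiver
    mapping(address => uint256) public minted;  // stand-in for NFT minting

    error InvalidSignature();

    constructor() {
        DOMAIN_SEPARATOR = keccak256(
            abi.encode(
                keccak256(
                    "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
                ),
                keccak256("NonceBoundClaim"),
                keccak256("1"),
                block.chainid,
                address(this)
            )
        );
    }

    // Off-chain signers call this (or recompute it) to know what to sign.
    function digestFor(address receiver, uint256 amount, uint256 nonce)
        public
        view
        returns (bytes32)
    {
        bytes32 structHash = keccak256(abi.encode(CLAIM_TYPEHASH, receiver, amount, nonce));
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
    }

    function claim(address receiver, uint256 amount, uint8 v, bytes32 r, bytes32 s) external {
        // The nonce comes from storage, not from the caller, and is consumed here.
        // If verification fails the whole call reverts, so the increment is undone.
        uint256 nonce = nonces[receiver]++;
        bytes32 digest = digestFor(receiver, amount, nonce);
        if (!_isValidSignature(receiver, digest, v, r, s)) revert InvalidSignature();
        minted[receiver] += amount;
    }

    function _isValidSignature(address receiver, bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        internal
        pure
        returns (bool)
    {
        // Reject high-s signatures (EIP-2) so a second encoding of the same
        // signature cannot be produced from the first.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return false;
        }
        address signer = ecrecover(digest, v, r, s);
        return signer != address(0) && signer == receiver;
    }
}
```

A second call to `claim` with the same `(v, r, s)` is rejected because `nonces[receiver]` has advanced, so `digestFor` yields a different digest and `ecrecover` no longer returns `receiver`. A test for this property would sign once with a known key, call `claim` twice, and expect the second call to revert with `InvalidSignature`.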

Recommended Mitigation

+ mapping(address => uint256) private nonces;
+ require(nonce == nonces[receiver]++, "Invalid or reused signature");
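Review bot: the `nonce` compared in the `require` on the second `+` line is neither declared nor tied to the signed message, so the check cannot by itself invalidate a reused signature; it only works if the nonce is part of the digest handed to `_isValidSignature`. Suggest showing where the line sits inside `claimSnowman` and binding the value, e.g. `uint256 nonce = nonces[receiver]++;` followed by building the digest over `(receiver, nonce)` before the signature check, so the caller cannot supply a stale nonce.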
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 2 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
