Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Missing safeTransfer for WETH in collectFee

vikramgoutham289

Root + Impact

Using transfer instead of safeTransfer for WETH in collectFee fails to check return values, potentially causing silent transfer failures where the collector believes fees were collected when they were not.

Description

The contract imports and uses SafeERC20 for safe token operations. The collectFee function should use safeTransfer to ensure the transfer succeeds and properly handles tokens that return false on failure instead of reverting.

The function uses the standard transfer method instead of safeTransfer, which does not check return values. Some ERC20 tokens return false on failure rather than reverting.

// Snow.sol

using SafeERC20 for IERC20;

function collectFee() external onlyCollector {

uint256 collection = i_weth.balanceOf(address(this));

i_weth.transfer(s_collector, collection); // @> Uses transfer instead of safeTransfer

(bool collected,) = payable(s_collector).call{value: address(this).balance}("");

require(collected, "Fee collection failed!!!");

}

Risk

Likelihood:HIGH

Reason 1 :Occurs when interacting with non-standard ERC20 tokens that return false instead of reverting
Reason 2:WETH is standard, but contract upgrade or wrapper changes could introduce this issue

Impact:

Impact 1:Collector believes fees were collected when they were not
Impact 2: Potential loss of accumulated fees

Proof of Concept

This test demonstrates that if WETH or a replacement token returns false instead of reverting on transfer failure, the collectFee function would continue execution without error, leaving the collector unaware that funds were not actually transferred.

function testTransferFailsSilently() public {

// Mock token that returns false instead of reverting

MockBadToken badToken = new MockBadToken();

// Call collectFee - transfer returns false but function completes

collector.collectFee();

// Collector thinks they received funds but balance unchanged

assertEq(badToken.balanceOf(collector), 0);

}

Recommended Mitigation

Replace transfer with safeTransfer which properly checks return values and reverts on failure. Since SafeERC20 is already imported and declared, simply change the function call to ensure all token transfers are properly validated.

function collectFee() external onlyCollector {

uint256 collection = i_weth.balanceOf(address(this));

- i_weth.transfer(s_collector, collection);

+ i_weth.safeTransfer(s_collector, collection);

(bool collected,) = payable(s_collector).call{value: address(this).balance}("");

require(collected, "Fee collection failed!!!");

+ emit FeeCollected();

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 7 days ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!