SnowmanAirdrop contract so it can verify user claims.The SnowMerkle script generates a Merkle root and saves it to output.json, but this root is never actually set in the SnowmanAirdrop contract, making proof verification impossible.
Likelihood:
The workflow always writes root to JSON but never sets it in the contract
No code exists anywhere to read the JSON and update the contract
Impact:
All claim attempts will fail due to missing/incorrect Merkle root
Airdrop contract cannot verify any proofs
Deploy the airdrop contract through Helper and check its Merkle root state variable - it will be uninitialized (bytes32(0)) because no script sets it after SnowMerkle generates the root.
Add a configuration step in DeploySnowmanAirdrop to read the root from output.json and call airdrop.setMerkleRoot(root) after deployment.
The contest is live. Earn rewards by submitting a finding.
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsThe contest is complete and the rewards are being distributed.