Missing state check in claimSnowman allows infinite Merkle proof and signature replays, draining NFTs
Root + Impact
Description
-
The
SnowmanAirdropcontract intends to allow eligible users to claim aSnowmanNFT exactly once. To enforce this, the contract defines a mappings_hasClaimedSnowmanwhich is updated totrueafter a successful claim. -
While the
claimSnowmanfunction updates thes_hasClaimedSnowmanmapping at the end of its execution, it never actually checks this mapping at the beginning. Because the Merkle leaf is constructed using only thereceiverandamount(lacking a nonce), an attacker can simply transfer moreSnowtokens into their wallet and reuse the exact same signature and Merkle proof to repeatedly callclaimSnowman(), infinitely minting NFTs.
Risk
Likelihood:
High. Exploiting this requires no special privileges, flash loans, or complex contract deployments. An attacker only needs to be a valid recipient in the Merkle tree and have access to secondary
Snowtokens.
Impact:
High. Complete breakdown of the NFT rarity and distribution mechanics. An attacker can infinitely inflate the supply of
SnowmanNFTs, draining value from legitimate participants and breaking the 1:1 integration between the ERC20 staking and ERC721 claiming.
Proof of Concept
Narrative Setup: The following Foundry test proves the missing state check allows for infinite claiming. We simulate a valid user (Alice) who successfully claims her Snowman NFT. To execute the replay attack, Alice simply acquires more Snow tokens (e.g., from a secondary wallet) matching her original balance, and calls claimSnowman again using her original signature and proof. The transaction succeeds, minting her a second NFT.
Execution Steps:
Alice legitimately claims her airdrop using her valid signature and Merkle proof.
Alice transfers fresh
Snowtokens into her wallet so her balance matches her original Merkle leaf amount.Alice calls
claimSnowmana second time with the exact same parameters.The test asserts that Alice's NFT balance is now 2, proving the replay was successful.
How to run this test: Place the following code inside a Foundry test file connected to the SnowmanAirdrop contract and run it. (Note: aliceProof, v, r, and s represent valid cryptographic inputs generated during setup).
Recommended Mitigation
A standard ECDSA nonce mapping is insufficient here, as the static Merkle proof could still be replayed. The protocol must enforce a strict state-lock using the existing mapping to immediately revert duplicate claims, preserving the Checks-Effects-Interactions pattern
Lead Judging Commences
[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman
# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.