Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Incorrect Farming Time Check Allows Snow Minting After Farming Ends

cheng10101

Root + Impact

Description

The Snow token is intended to be minted only during a fixed farming period and permanently disabled after the farming window expires.
However, the canFarmSnow modifier contains an incorrect timestamp comparison, which allows Snow minting logic to be executed beyond the intended farming deadline.

modifier canFarmSnow() {

if (block.timestamp >= i_farmingOver) {

revert S__SnowFarmingOver();

}

Risk

Likelihood:

The issue deterministically occurs once the farming duration has elapsed
All functions guarded by canFarmSnow are affected

Impact:

Snow tokens can continue to be minted indefinitely
The token’s monetary policy and supply assumptions are violated

Proof of Concept

Scenario

The Snow token is designed to be minted only during a fixed farming period of 12 weeks after deployment.
Once the farming period ends, all minting-related functions (buySnow and earnSnow) are expected to permanently revert.

However, due to an incorrect timestamp comparison in the canFarmSnow modifier, Snow minting remains possible after the farming period has ended.

function test_MintAfterFarmingEnds() public {

// 1. Deploy Snow contract

Snow snow = new Snow(address(weth), buyFee, collector);

// 2. Fast-forward time to after farming ends

vm.warp(block.timestamp + 12 weeks + 1);

// 3. Call earnSnow() after farming period

snow.earnSnow();

// 4. Verify that Snow was minted

assertEq(snow.balanceOf(address(this)), 1);

}

Step-by-Step Attack Flow

The Snow contract is deployed at time T0.

The farming end timestamp is set as:

i_farmingOver = T0 + 12 weeks;

Time progresses beyond the farming deadline (block.timestamp > i_farmingOver).

A user calls earnSnow() or buySnow().

The canFarmSnow modifier does not prevent execution, and Snow tokens are minted successfully.

Recommended Mitigation

- if (block.timestamp >= i_farmingOver) {

+ if (block.timestamp <= i_farmingOver) {

Or refactor the modifier to more clearly reflect its intended semantics.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 12 days ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!