Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: low

Valid

SnowmanAirdrop.sol — Missing Check on s_hasClaimedSnowman Allows Replay Claims

bamgboseoluwole83

Root + Impact

Description

Describe the normal behavior in one or more sentences
Explain the specific issue or problem in one or more sentences

### Description

The `claimSnowman` function in `SnowmanAirdrop.sol` fails to verify if a user has already claimed their allocation. While the function explicitly updates state history by setting `s_hasClaimedSnowman[receiver] = true` at the conclusion of a successful claim execution, it never queries or reads this mapping inside its initial verification pipeline.

```solidity

// SnowmanAirdrop.sol

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant {

if (receiver == address(0)) revert SA__ZeroAddress();

if (i_snow.balanceOf(receiver) == 0) revert SA__ZeroAmount(); // @> Checks current balance only

// @> MISSING GAURD CHECK: Does not check if s_hasClaimedSnowman[receiver] is true

if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s)) revert SA__InvalidSignature();

uint256 amount = i_snow.balanceOf(receiver);

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) revert SA__InvalidProof();

i_snow.safeTransferFrom(receiver, address(this), amount);

s_hasClaimedSnowman[receiver] = true; // @> State updated here but completely ignored above

emit SnowmanClaimedSuccessfully(receiver, amount);

i_snowman.mintSnowman(receiver, amount);

}

```

Because this mapping logic lacks enforcement, an attacker can re-acquire the necessary `Snow` tokens (either via `buySnow` or waiting for an `earnSnow` cycle) and resubmit the exact same cryptographic signature and Merkle proof data to mint an unlimited pool of NFTs.

### Risk

High. The absolute invariant of one claim allocation per eligible whitelist participant is entirely broken. Malicious actors can repeatedly re-mint allocations, causing unbounded supply dilution that destroys the baseline collection value and strips legitimate participants of their rightful value distribution share.

### Likelihood

High. The mapping state tracking logic offers zero real-world protection since it is never evaluated. Furthermore, because `Snow` tokens can easily be re-purchased or earned repeatedly across the full running farm duration, executing the double-claim loop requires no advanced prerequisites.

### Proof of Concept

Add the following target test configuration to your automated test suite to confirm the state tracking bypass:

```solidity

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.0;

import "forge-std/Test.sol";

import "../src/SnowmanAirdrop.sol";

import "../src/Snow.sol";

import "../src/Snowman.sol";

contract SnowmanReplayExploitTest is Test {

SnowmanAirdrop public airdrop;

Snow public snow;

Snowman public snowman;

address public alice = address(0xA11CE);

// Setup dummy values matching valid initialization parameters

bytes32 public dummyRoot = bytes32(0);

bytes32[] public dummyProof;

function setUp() public {

// Core workspace initialization logic would go here

}

function test_DoubleClaimReplayExploit() public {

// 1. Alice performs her first authorized claim sequence

// (Assume valid cryptographic proof components v, r, s are supplied)

vm.prank(alice);

airdrop.claimSnowman(alice, dummyProof, 27, bytes32(0), bytes32(0));

// Assert first claim successfully increments user asset history

assertEq(snowman.balanceOf(alice), 5);

// 2. Alice re-acquires Snow tokens through authorized protocol loops (buySnow)

deal(address(snow), alice, 5 tokens);

// 3. Alice triggers the replay attack using the exact same signature and proof structural inputs

vm.prank(alice);

airdrop.claimSnowman(alice, dummyProof, 27, bytes32(0), bytes32(0));

// The vulnerability allows the call to pass, granting an unauthorized second allocation batch

assertEq(snowman.balanceOf(alice), 10);

}

```

### Tools Used

Manual Review, Foundry, CodeHawks IDE.

### Recommended Mitigation

Incorporate an explicit validation gate at the top of the `claimSnowman` execution path to verify that the target address has not previously completed a claim invocation.

Define a descriptive custom error tracking code and apply the check:

```solidity

error SA__AlreadyClaimed();

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant {

if (receiver == address(0)) revert SA__ZeroAddress();

// Enforce the claim mapping check invariant boundaries

if (s_hasClaimedSnowman[receiver]) revert SA__AlreadyClaimed();

if (i_snow.balanceOf(receiver) == 0) revert SA__ZeroAmount();

// ... remaining contract code execution logic logic continues safely below

```

// Root cause in the codebase with @> marks to highlight the relevant section

Risk

Likelihood:

Reason 1 // Describe WHEN this will occur (avoid using "if" statements)
Reason 2

Impact:

Impact 1
Impact 2

Proof of Concept

Recommended Mitigation

- remove this code

+ add this code

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 2 days ago

Submission Judgement Published

Validated

Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!