Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Missing claim guard allows repeated airdrop claims

davidderedx2

Root + Impact

Description

Expected behavior: each eligible address claims once for its Merkle snapshot allocation.
Actual behavior: s_hasClaimedSnowman is set but never checked, and the signed payload has no nonce or deadline, so claims can be replayed after the receiver restores their Snow balance.

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

@ // Missing guard: previously claimed addresses are not blocked

if (receiver == address(0)) {

revert SA__ZeroAddress();

}

if (i_snow.balanceOf(receiver) == 0) {

revert SA__ZeroAmount();

}

if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s)) {

revert SA__InvalidSignature();

}

uint256 amount = i_snow.balanceOf(receiver);

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert SA__InvalidProof();

}

i_snow.safeTransferFrom(receiver, address(this), amount);

@ s_hasClaimedSnowman[receiver] = true;

emit SnowmanClaimedSuccessfully(receiver, amount);

i_snowman.mintSnowman(receiver, amount);

}

Risk

Likelihood:

Any eligible receiver can replay the same proof and signature after rebuying Snow to the snapshot amount.
No nonce/deadline or claim-status check prevents reuse.

Impact:

Multiple claims inflate NFT supply beyond the Merkle allocation.
Airdrop distribution integrity is broken for every replaying address.

Proof of Concept

Path: audit/poc/F-002_ReplayClaim.t.sol

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test} from "forge-std/Test.sol";

import {Snow} from "src/Snow.sol";

import {Snowman} from "src/Snowman.sol";

import {SnowmanAirdrop} from "src/SnowmanAirdrop.sol";

import {Helper} from "script/Helper.s.sol";

contract ReplayClaimTest is Test {

// Protocol contracts.

Snow private snow;

Snowman private snowman;

SnowmanAirdrop private airdrop;

// Test helper to set up balances and airdrop.

Helper private helper;

// Alice proof values (from script/flakes/output.json and TestSnowmanAirdrop).

bytes32 private constant AL_PROOF_A =

0xf99782cec890699d4947528f9884acaca174602bb028a66d0870534acf241c52;

bytes32 private constant AL_PROOF_B =

0xbc5a8a0aad4a65155abf53bb707aa6d66b11b220ecb672f7832c05613dba82af;

bytes32 private constant AL_PROOF_C =

0x971653456742d62534a5d7594745c292dda6a75c69c43a6a6249523f26e0cac1;

bytes32[] private AL_PROOF = [AL_PROOF_A, AL_PROOF_B, AL_PROOF_C];

// Roles.

address private alice;

uint256 private aliceKey;

address private relayer;

function setUp() public {

helper = new Helper(); // deploy helper for setup

(airdrop, snow, snowman,) = helper.run(); // deploy protocol and seed balances

(alice, aliceKey) = makeAddrAndKey("alice"); // set Alice address and key

relayer = makeAddr("relayer"); // set relayer address

}

function _signForAlice() internal returns (uint8 v, bytes32 r, bytes32 s) {

bytes32 digest = airdrop.getMessageHash(alice); // compute EIP-712 digest

(v, r, s) = vm.sign(aliceKey, digest); // sign digest as Alice

}

function _approveSnow() internal {

vm.prank(alice); // impersonate Alice

snow.approve(address(airdrop), 1); // approve airdrop to transfer Snow

}

function test_ReplayClaimAfterRebuyingSnow() public {

_approveSnow(); // approve for first claim

(uint8 v, bytes32 r, bytes32 s) = _signForAlice(); // sign claim once

vm.prank(relayer); // impersonate relayer

airdrop.claimSnowman(alice, AL_PROOF, v, r, s); // submit first claim

assertEq(snowman.balanceOf(alice), 1); // confirm first mint

uint256 fee = snow.s_buyFee(); // read ETH price for 1 Snow

vm.deal(alice, fee); // fund Alice for buy

vm.prank(alice); // impersonate Alice

snow.buySnow{value: fee}(1); // rebuy Snow to snapshot amount

_approveSnow(); // approve for second claim

vm.prank(relayer); // impersonate relayer again

airdrop.claimSnowman(alice, AL_PROOF, v, r, s); // replay claim

assertEq(snowman.balanceOf(alice), 2); // confirm replayed mint

}

function test_ClaimSucceedsEvenWhenClaimStatusTrue() public {

_approveSnow(); // approve for first claim

(uint8 v, bytes32 r, bytes32 s) = _signForAlice(); // sign claim once

vm.prank(relayer); // impersonate relayer

airdrop.claimSnowman(alice, AL_PROOF, v, r, s); // submit first claim

assertTrue(airdrop.getClaimStatus(alice)); // confirm claimed status is true

uint256 fee = snow.s_buyFee(); // read ETH price for 1 Snow

vm.deal(alice, fee); // fund Alice for buy

vm.prank(alice); // impersonate Alice

snow.buySnow{value: fee}(1); // rebuy Snow to snapshot amount

_approveSnow(); // approve for second claim

vm.prank(relayer); // impersonate relayer again

airdrop.claimSnowman(alice, AL_PROOF, v, r, s); // claim again despite status

assertEq(snowman.balanceOf(alice), 2); // confirm second mint succeeded

}

Recommended Mitigation

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

+ if (s_hasClaimedSnowman[receiver]) {

+ revert SA__AlreadyClaimed();

+ }

if (receiver == address(0)) {

revert SA__ZeroAddress();

}

if (i_snow.balanceOf(receiver) == 0) {

revert SA__ZeroAmount();

}

// Optional: include nonce/deadline in the signed payload to prevent replay

...

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!