Snowman Merkle Airdrop

AI First Flight #10
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Submission Details
Severity: low
Valid

Missing claim-status check in SnowmanAirdrop::claimSnowman allows unlimited repeat claims

Root + Impact

Description

  • claimSnowman is meant to allow each whitelisted address to redeem its Snowman NFT allocation exactly once. The contract stores a boolean flag for this purpose, s_hasClaimedSnowman, but never checks it before processing a claim.

function claimSnowman(
address receiver,
bytes32[] calldata merkleProof,
uint8 v, bytes32 r, bytes32 s
) external nonReentrant {
if (receiver == address(0)) revert SA__ZeroAddress();
if (i_snow.balanceOf(receiver) == 0) revert SA__ZeroAmount();
@> // no check of s_hasClaimedSnowman[receiver] here before proceeding
if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s)) {
revert SA__InvalidSignature();
}
uint256 amount = i_snow.balanceOf(receiver); // live balance, not a fixed allocation
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) revert SA__InvalidProof();
i_snow.safeTransferFrom(receiver, address(this), amount);
@> s_hasClaimedSnowman[receiver] = true; // written but never read anywhere
emit SnowmanClaimedSuccessfully(receiver, amount);
i_snowman.mintSnowman(receiver, amount);
}

Risk

Likelihood:

  • Requires the attacker/user to reacquire their committed Snow balance between claims, which is straightforward via the weekly earnSnow faucet or instantly via buySnow, so this is realistically achievable by any whitelisted address, not just a sophisticated attacker.

Impact:

  • Any whitelisted address can claim its Snowman NFT allocation an unbounded number of times, breaking the "one allocation, one claim" invariant fundamental to an airdrop.

Leads to uncontrolled inflation of the Snowman NFT supply per compromised address.

Proof of Concept

function test_replayClaim() public {
vm.prank(alice);
snow.approve(address(airdrop), 1);
bytes32 alDigest = airdrop.getMessageHash(alice);
(uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest);
vm.prank(satoshi);
airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS);
assert(nft.balanceOf(alice) == 1);
vm.warp(block.timestamp + 1 weeks);
vm.prank(alice);
snow.earnSnow();
assert(snow.balanceOf(alice) == 1);
vm.prank(alice);
snow.approve(address(airdrop), 1);
// bytes32 alDigest = airdrop.getMessageHash(alice);
// (uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest);
vm.prank(satoshi);
airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS);
assert(nft.balanceOf(alice) == 2);
assert(nft.ownerOf(0) == alice);
assert(nft.ownerOf(1) == alice);
assertTrue(airdrop.getClaimStatus(alice));
}

The test walks through one honest claim, then deliberately removes the only thing standing in the way of a second claim — Alice's Snow balance dropping to 0 — by having her re-earn back up to the exact balance her Merkle leaf commits to. The same Merkle proof and the same signature (no re-signing needed, since the digest depends on a balance that is now identical to before) are then reused for a second claimSnowman call, which succeeds. The final assertions show Alice holding two NFTs from a single allocation, with s_hasClaimedSnowman[alice] having been true throughout — proving the flag exists but was never enforced.



Recommended Mitigation

function claimSnowman(
address receiver,
bytes32[] calldata merkleProof,
uint8 v, bytes32 r, bytes32 s
) external nonReentrant {
if (receiver == address(0)) revert SA__ZeroAddress();
+ if (s_hasClaimedSnowman[receiver]) revert SA__AlreadyClaimed();
if (i_snow.balanceOf(receiver) == 0) revert SA__ZeroAmount();
...
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 6 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol  ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!