Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Merkle Proof Validation Uses Mutable Snow Balance (TOCTOU)

sexretxt

Root + Impact

Description

Normal Behavior

The Merkle tree is expected to represent a fixed snapshot of eligible recipients and their corresponding claim amounts.
Each claim should be validated against this immutable snapshot to ensure fairness and correctness.

Issue

The contract derives the Merkle leaf amount from the current Snow balance of the receiver instead of a fixed value committed to the Merkle tree.

uint256 amount = i_snow.balanceOf(receiver);

bytes32 leaf = keccak256(

bytes.concat(

keccak256(abi.encode(receiver, amount))

)

);

Because i_snow.balanceOf(receiver) is mutable, a user can manipulate their balance after signing the message or after the Merkle tree was generated, causing the proof to validate against a larger amount than originally intended.

This introduces a Time-of-Check / Time-of-Use (TOCTOU) vulnerability.

Risk

Likelihood:

Reason 1: Snow tokens can be freely bought or transferred before claiming.
Reason 2: The amount used in Merkle verification is fetched at execution time.
Reason 3: No mechanism enforces a fixed snapshot amount.

Impact:

Impact 1: Claimants can mint more Snowman NFTs than allocated in the Merkle tree.
Impact 2:The airdrop distribution becomes unfair and inaccurate.
Impact 3:The integrity of the Merkle-based airdrop is compromised.

Proof of Concept

The exploit works because the Merkle proof validates against a balance that can change between snapshot creation and claim execution.

1. A Merkle tree is generated with (receiver, amount = 10 Snow).

2. The receiver signs a valid SnowmanClaim message.

3. Before calling claimSnowman(), the receiver buys or transfers additional Snow tokens.

4. The receiver’s Snow balance becomes 100.

5. claimSnowman() uses balanceOf(receiver) = 100 to construct the Merkle leaf.

6. The proof validates and 100 Snowman NFTs are minted instead of 10.

Recommended Mitigation

Use a fixed claim amount stored in the Merkle tree and passed explicitly to the claimSnowman function, rather than deriving it from the current token balance.

-function claimSnowman(address receiver, bytes32[] calldata merkleProof, ...)

+function claimSnowman(address receiver, uint256 amount, bytes32[] calldata merkleProof, ...)

Then validate the proof using the provided amount, and ensure the signed message also commits to this fixed value.

This guarantees that:

Merkle verification uses immutable data
Claim amounts cannot be manipulated post-snapshot

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago

Submission Judgement Published

Validated

Assigned finding tags:

[M-01] DoS to a user trying to claim a Snowman

# Root + Impact ## Description * Users will approve a specific amount of Snow to the SnowmanAirdrop and also sign a message with their address and that same amount, in order to be able to claim the NFT * Because the current amount of Snow owned by the user is used in the verification, an attacker could forcefully send Snow to the receiver in a front-running attack, to prevent the receiver from claiming the NFT.  ```Solidity function getMessageHash(address receiver) public view returns (bytes32) { ... // @audit HIGH An attacker could send 1 wei of Snow token to the receiver and invalidate the signature, causing the receiver to never be able to claim their Snowman uint256 amount = i_snow.balanceOf(receiver); return _hashTypedDataV4( keccak256(abi.encode(MESSAGE_TYPEHASH, SnowmanClaim({receiver: receiver, amount: amount}))) ); ``` ## Risk **Likelihood**: * The attacker must purchase Snow and forcefully send it to the receiver in a front-running attack, so the likelihood is Medium **Impact**: * The impact is High as it could lock out the receiver from claiming forever ## Proof of Concept The attack consists on Bob sending an extra Snow token to Alice before Satoshi claims the NFT on behalf of Alice. To showcase the risk, the extra Snow is earned for free by Bob. ```Solidity function testDoSClaimSnowman() public { assert(snow.balanceOf(alice) == 1); // Get alice's digest while the amount is still 1 bytes32 alDigest = airdrop.getMessageHash(alice); // alice signs a message (uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest); vm.startPrank(bob); vm.warp(block.timestamp + 1 weeks); snow.earnSnow(); assert(snow.balanceOf(bob) == 2); snow.transfer(alice, 1); // Alice claim test assert(snow.balanceOf(alice) == 2); vm.startPrank(alice); snow.approve(address(airdrop), 1); // satoshi calls claims on behalf of alice using her signed message vm.startPrank(satoshi); vm.expectRevert(); airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS); } ``` ## Recommended Mitigation Include the amount to be claimed in both `getMessageHash` and `claimSnowman` instead of reading it from the Snow contract. Showing only the new code in the section below ```Python function claimSnowman(address receiver, uint256 amount, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { ... bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert SA__InvalidProof(); } // @audit LOW Seems like using the ERC20 permit here would allow for both the delegation of the claim and the transfer of the Snow tokens in one transaction i_snow.safeTransferFrom(receiver, address(this), amount); // send ... } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!