SnowmanAirdrop::claimSnowman rebuilds the Merkle leaf from the live balance, not the snapshot amount, locking out eligible claimers
Root + Impact
Description
The airdrop's Merkle tree is built off-chain from a snapshot that commits each address to a fixed staked amount, and i_merkleRoot is immutable. claimSnowman takes no amount parameter; it rebuilds the leaf from the receiver's current balance, so the proof only verifies when the live balance exactly equals the committed amount. Any drift between snapshot and claim (earning or buying Snow, a normal transfer, or a 1-unit dust from a griefer) makes the leaf differ from the tree and the claim reverts.
Risk
Likelihood:
Snow balances drift during normal use (earnSnow mints +1 weekly, buySnow mints more, transfers move it), and any holder can dust an unclaimed eligible address with 1 unit to brick its claim on demand.
Impact: Eligible users are permanently locked out of their airdrop once their balance differs from the snapshot, with no recovery since the root is immutable and there is no amount parameter to supply the original value.
Proof of Concept
Self-contained Foundry test. A single-leaf tree commits alice to a snapshot amount of 1 (for a one-leaf tree the root is the leaf and the proof is empty). Alice is genuinely eligible, but once her balance drifts to 2 the claim reverts. A positive-control test (testClaimSucceedsAtSnapshotBalance) confirms the same claim succeeds when she holds exactly 1, proving only the drift breaks it.
Result: [PASS] testBalanceDriftLocksOutEligibleClaimer() and [PASS] testClaimSucceedsAtSnapshotBalance().
Recommended Mitigation
Pass the committed snapshot amount as a parameter, build the leaf and the EIP-712 signed message from it instead of from balanceOf, and transfer exactly that amount. This decouples eligibility from the live balance, so normal balance drift no longer breaks a valid claim.
Lead Judging Commences
[M-01] DoS to a user trying to claim a Snowman
# Root + Impact ## Description * Users will approve a specific amount of Snow to the SnowmanAirdrop and also sign a message with their address and that same amount, in order to be able to claim the NFT * Because the current amount of Snow owned by the user is used in the verification, an attacker could forcefully send Snow to the receiver in a front-running attack, to prevent the receiver from claiming the NFT.  ```Solidity function getMessageHash(address receiver) public view returns (bytes32) { ... // @audit HIGH An attacker could send 1 wei of Snow token to the receiver and invalidate the signature, causing the receiver to never be able to claim their Snowman uint256 amount = i_snow.balanceOf(receiver); return _hashTypedDataV4( keccak256(abi.encode(MESSAGE_TYPEHASH, SnowmanClaim({receiver: receiver, amount: amount}))) ); ``` ## Risk **Likelihood**: * The attacker must purchase Snow and forcefully send it to the receiver in a front-running attack, so the likelihood is Medium **Impact**: * The impact is High as it could lock out the receiver from claiming forever ## Proof of Concept The attack consists on Bob sending an extra Snow token to Alice before Satoshi claims the NFT on behalf of Alice. To showcase the risk, the extra Snow is earned for free by Bob. ```Solidity function testDoSClaimSnowman() public { assert(snow.balanceOf(alice) == 1); // Get alice's digest while the amount is still 1 bytes32 alDigest = airdrop.getMessageHash(alice); // alice signs a message (uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest); vm.startPrank(bob); vm.warp(block.timestamp + 1 weeks); snow.earnSnow(); assert(snow.balanceOf(bob) == 2); snow.transfer(alice, 1); // Alice claim test assert(snow.balanceOf(alice) == 2); vm.startPrank(alice); snow.approve(address(airdrop), 1); // satoshi calls claims on behalf of alice using her signed message vm.startPrank(satoshi); vm.expectRevert(); airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS); } ``` ## Recommended Mitigation Include the amount to be claimed in both `getMessageHash` and `claimSnowman` instead of reading it from the Snow contract. Showing only the new code in the section below ```Python function claimSnowman(address receiver, uint256 amount, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { ... bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert SA__InvalidProof(); } // @audit LOW Seems like using the ERC20 permit here would allow for both the delegation of the claim and the transfer of the Snow tokens in one transaction i_snow.safeTransferFrom(receiver, address(this), amount); // send ... } ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.