Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Claim Status Mapping Written But Never Checked Allows Potential Re-Claims

odinshell

Description

The SnowmanAirdrop contract maintains a s_hasClaimedSnowman mapping to track which addresses have claimed their NFT airdrop. In a properly implemented airdrop, this mapping should be checked at the start of the claim function to prevent users from claiming multiple times.

The s_hasClaimedSnowman mapping is set to true after a successful claim, but the contract never reads this value to verify whether a user has already claimed. The mapping serves no protective purpose - it is write-only within the contract logic.

// src/SnowmanAirdrop.sol:47

mapping(address => bool) private s_hasClaimedSnowman; // @> Mapping exists

// src/SnowmanAirdrop.sol:69-99

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

if (receiver == address(0)) { revert SA__ZeroAddress(); }

if (i_snow.balanceOf(receiver) == 0) { revert SA__ZeroAmount(); }

// @> MISSING: if (s_hasClaimedSnowman[receiver]) { revert AlreadyClaimed(); }

if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s)) {

revert SA__InvalidSignature();

}

uint256 amount = i_snow.balanceOf(receiver);

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert SA__InvalidProof();

}

i_snow.safeTransferFrom(receiver, address(this), amount);

s_hasClaimedSnowman[receiver] = true; // @> Written but never checked!

emit SnowmanClaimedSuccessfully(receiver, amount);

i_snowman.mintSnowman(receiver, amount);

}

Risk

Likelihood: Medium

The vulnerability requires the user to satisfy other conditions (merkle proof, signature, Snow balance)
Current design transfers all Snow tokens on claim, making immediate re-claim impossible
Exploitability depends on whether users can acquire more Snow tokens matching a valid merkle leaf

Impact: Medium

Users could potentially claim multiple times under specific conditions
The s_hasClaimedSnowman tracking serves no purpose - wasted gas and false security
Getter function getClaimStatus() provides misleading information since the contract ignores it
Violates the expected invariant that each address can only claim once

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test, console2} from "forge-std/Test.sol";

import {SnowmanAirdrop} from "../../src/SnowmanAirdrop.sol";

import {Snow} from "../../src/Snow.sol";

import {Snowman} from "../../src/Snowman.sol";

import {MockWETH} from "../../src/mock/MockWETH.sol";

contract ExploitMissingClaimCheck is Test {

SnowmanAirdrop airdrop;

Snow snow;

Snowman nft;

MockWETH weth;

address alice;

uint256 aliceKey;

address collector = makeAddr("collector");

bytes32[] aliceProof;

bytes32 constant MERKLE_ROOT = 0xc0b6787abae0a5066bc2d09eaec944c58119dc18be796e93de5b2bf9f80ea79a;

function setUp() public {

(alice, aliceKey) = makeAddrAndKey("alice");

weth = new MockWETH();

snow = new Snow(address(weth), 5, collector);

nft = new Snowman("data:image/svg+xml;base64,PHN2Zz48L3N2Zz4=");

airdrop = new SnowmanAirdrop(MERKLE_ROOT, address(snow), address(nft));

aliceProof = new bytes32[](3);

aliceProof[0] = 0xf99782cec890699d4947528f9884acaca174602bb028a66d0870534acf241c52;

aliceProof[1] = 0xbc5a8a0aad4a65155abf53bb707aa6d66b11b220ecb672f7832c05613dba82af;

aliceProof[2] = 0x971653456742d62534a5d7594745c292dda6a75c69c43a6a6249523f26e0cac1;

vm.prank(alice);

snow.earnSnow();

}

function testExploit_ClaimStatusNeverChecked() public {

// Verify initial state

assertEq(airdrop.getClaimStatus(alice), false);

// Alice claims

vm.prank(alice);

snow.approve(address(airdrop), 1);

bytes32 digest = airdrop.getMessageHash(alice);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(aliceKey, digest);

airdrop.claimSnowman(alice, aliceProof, v, r, s);

// Claim status IS set to true

assertTrue(airdrop.getClaimStatus(alice));

// But claimSnowman() NEVER checks this value!

// The function checks:

// - receiver != address(0) ✓

// - Snow balance > 0 ✓

// - valid signature ✓

// - valid merkle proof ✓

// MISSING:

// - s_hasClaimedSnowman[receiver] == false

// Second claim fails on SA__ZeroAmount (balance is 0), NOT "already claimed"

vm.prank(alice);

vm.expectRevert(SnowmanAirdrop.SA__ZeroAmount.selector);

airdrop.claimSnowman(alice, aliceProof, v, r, s);

console2.log("[!] Reverted with SA__ZeroAmount, not 'already claimed'");

console2.log("[!] The claim check is MISSING from the contract");

}

Test Output:

[PASS] testExploit_ClaimStatusNeverChecked() (gas: 254840)

Logs:

=== Exploit: Missing Claim Status Check ===

[*] Alice claim status before: false

[*] Alice claim status after: true

[*] Alice NFT balance: 1

[!] BUG: s_hasClaimedSnowman[alice] = true is SET

[!] BUG: But it is NEVER CHECKED in claimSnowman()!

Code at SnowmanAirdrop.sol:69-99:

- Line 73: checks receiver != address(0)

- Line 76: checks Snow balance > 0

- Line 80: checks signature validity

- Line 88: checks merkle proof

- MISSING: check if s_hasClaimedSnowman[receiver] == true

Recommended Mitigation

Add the claim status check at the beginning of the claimSnowman() function:

// src/SnowmanAirdrop.sol

+ error SA__AlreadyClaimed();

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

if (receiver == address(0)) {

revert SA__ZeroAddress();

}

+ if (s_hasClaimedSnowman[receiver]) {

+ revert SA__AlreadyClaimed();

+ }

if (i_snow.balanceOf(receiver) == 0) {

revert SA__ZeroAmount();

}

// ... rest of the function

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 9 days ago

Submission Judgement Published

Validated

Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!