Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Missing Claim Replay Protection Allows Repeat Airdrop Claims

dumebi042

Root + Impact

Description

The intended behavior is that each eligible address can claim its Snowman NFT allocation once. The contract even stores claim status in s_hasClaimedSnowman, which indicates the design expects one successful claim per receiver.
The issue is that claimSnowman writes s_hasClaimedSnowman[receiver] = true after a successful claim, but never checks this value before allowing a claim. A user can claim once, later regain the same Snow balance used in the Merkle leaf, and reuse the same proof and signature to claim again.

// Root cause in the codebase with @> marks to highlight the relevant section

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

if (receiver == address(0)) {

revert SA__ZeroAddress();

}

@> if (i_snow.balanceOf(receiver) == 0) {

revert SA__ZeroAmount();

}

if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s)) {

revert SA__InvalidSignature();

}

@> uint256 amount = i_snow.balanceOf(receiver);

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));

if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) {

revert SA__InvalidProof();

}

i_snow.safeTransferFrom(receiver, address(this), amount);

@> s_hasClaimedSnowman[receiver] = true;

emit SnowmanClaimedSuccessfully(receiver, amount);

i_snowman.mintSnowman(receiver, amount);

}

Risk

Likelihood: Medium

The contract records claim status but does not enforce it.
Reuse occurs once the receiver obtains the same Snow balance as the Merkle allocation again.
The same EIP-712 signature remains valid because there is no nonce, deadline, or consumed-claim check.

Impact: High

Eligible users can mint more NFTs than their intended allocation.
Airdrop supply accounting can be inflated.
The Merkle root no longer provides one-time distribution guarantees.

Proof of Concept

This PoC shows the replay path. Alice claims once, receives her NFT, then obtains the same Snow balance again. Because the contract does not check s_hasClaimedSnowman[alice], Alice can reuse the original proof and signature to claim a second NFT allocation.

function testReplayClaimAfterReacquiringSnow() public {

address alice;

uint256 aliceKey;

(alice, aliceKey) = makeAddrAndKey("alice");

// Alice approves and signs her first valid claim.

vm.prank(alice);

snow.approve(address(airdrop), 1);

bytes32 digest = airdrop.getMessageHash(alice);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(aliceKey, digest);

// First claim succeeds.

airdrop.claimSnowman(alice, AL_PROOF, v, r, s);

assertEq(nft.balanceOf(alice), 1);

assertTrue(airdrop.getClaimStatus(alice));

// Alice reacquires the same Snow balance encoded in the Merkle tree.

vm.warp(block.timestamp + 1 weeks);

vm.prank(alice);

snow.earnSnow();

vm.prank(alice);

snow.approve(address(airdrop), 1);

// The same proof and signature can be reused.

airdrop.claimSnowman(alice, AL_PROOF, v, r, s);

assertEq(nft.balanceOf(alice), 2);

}

Recommended Mitigation

Check claim status at the start of claimSnowman and revert when the receiver has already claimed. This makes the existing s_hasClaimedSnowman mapping enforce its intended purpose.

For stronger replay protection, include a nonce or claim identifier in the signed EIP-712 message and mark it consumed. However, for this Merkle airdrop design, enforcing s_hasClaimedSnowman[receiver] is the direct fix.

+ error SA__AlreadyClaimed();

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

if (receiver == address(0)) {

revert SA__ZeroAddress();

}

+ if (s_hasClaimedSnowman[receiver]) {

+ revert SA__AlreadyClaimed();

+ }

if (i_snow.balanceOf(receiver) == 0) {

revert SA__ZeroAmount();

}

...

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 4 days ago

Submission Judgement Published

Validated

Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!