Snowman Merkle Airdrop

AI First Flight #10
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Submission Details
Severity: low
Valid

Missing Double-Claim Check Allows Repeated Claims via s_hasClaimedSnowman

Description

claimSnowman() writes s_hasClaimedSnowman[receiver] = true after a successful claim, but never reads that mapping anywhere to block a repeat claim:

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant {
...
uint256 amount = i_snow.balanceOf(receiver);
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount))));
if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) revert SA__InvalidProof();
i_snow.safeTransferFrom(receiver, address(this), amount);
s_hasClaimedSnowman[receiver] = true; // written, never checked
emit SnowmanClaimedSuccessfully(receiver, amount);
i_snowman.mintSnowman(receiver, amount);
}

The only thing preventing an immediate re-claim is the earlier check i_snow.balanceOf(receiver) == 0 (which reverts SA__ZeroAmount()). That guard passes right after a claim, since the claim itself transfers the receiver's entire Snow balance away — leaving balance at 0. But amount and the digest/leaf used for verification are both recomputed live from current balance at call time, not pinned to a one-time allocation. If the receiver's Snow balance becomes non-zero again, they satisfy every check a second time.

Risk

Likelihood: Medium. This isn't a single-transaction exploit — it requires the receiver to first complete a legitimate claim, then bring their Snow balance back to a nonzero amount, which means either waiting out the 1-week earnSnow() cooldown or calling buySnow() again. It's not trivial, but it's well within reach of any user willing to wait a week or spend more Snow, and requires no special privileges or race conditions.

Impact: High. This breaks the airdrop's core invariant — each Merkle-committed allocation should be claimable exactly once. A user (or the same address controlled by an attacker) can repeatedly re-claim and mint additional Snowman NFTs beyond what the Merkle tree allocated them, directly inflating NFT supply and diluting the value of every legitimate holder's allocation.

Proof of Concept

function test_H3_CanClaimTwiceAfterToppingUpSnow() public {
vm.prank(alice);
snow.approve(address(airdrop), 1);
bytes32 alDigest = airdrop.getMessageHash(alice);
(uint8 v1, bytes32 r1, bytes32 s1) = vm.sign(alKey, alDigest);
vm.prank(satoshi);
airdrop.claimSnowman(alice, AL_PROOF, v1, r1, s1);
assertEq(nft.balanceOf(alice), 1);
assertTrue(airdrop.getClaimStatus(alice));
vm.warp(block.timestamp + 1 weeks);
vm.prank(alice);
snow.earnSnow();
vm.prank(alice);
snow.approve(address(airdrop), 1);
bytes32 alDigest2 = airdrop.getMessageHash(alice);
(uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, alDigest2);
vm.prank(satoshi);
airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2);
assertEq(nft.balanceOf(alice), 2);
}

Result: PASS. Alice ends up with 2 NFTs despite s_hasClaimedSnowman[alice] being true after her first claim — the flag exists in storage but enforces nothing.

Recommended Mitigation

if (s_hasClaimedSnowman[receiver]) revert SA__AlreadyClaimed();

Add this check at the top of claimSnowman(), before any transfer or mint logic executes.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 3 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol  ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!