Double-claim via Snow re-acquisition — `s_hasClaimedSnowman` is written but never read
Root + Impact
Description
-
A one-shot claim flag should be checked at the top of
claimSnowmanto make every airdrop slot single-use. -
s_hasClaimedSnowman[receiver] = trueis set, but no code path reads it. Replay is gated only bybalanceOf(receiver) == 0after the transfer. Anyone can refill the claimed user's balance and replay the same signature + Merkle proof.
Risk
Likelihood:
-
Reason 1: Snow is a freely transferable ERC20 — any third party (or the claimant themselves) can send Snow back to the receiver after a claim.
-
Reason 2: The signature and Merkle proof are deterministic functions of
(receiver, balanceOf(receiver))— oncebalanceOfmatches the snapshot amount again, both gating checks pass with the original(proof, v, r, s)payload.
Impact:
-
Impact 1: Whitelisted users mint unbounded Snowman NFTs by refilling Snow and replaying the same call.
-
Impact 2: Full economic dilution of the NFT collection on top of C-01.
Proof of Concept
The PoC walks through one full cycle of the replay: Alice claims with the legitimate (proof, v, r, s) and receives her single NFT (post-state asserts both the NFT mint and the Snow burn). A second wallet then transfers Snow back to Alice — this can be any external party, no privilege required. With Alice's balance restored to the snapshot value, the unchanged (proof, v, r, s) tuple is resubmitted, the contract re-validates everything (because the flag is never checked), and Alice mints a second NFT. The repeating assertion balanceOf == 2 is what proves the slot is not single-use; the same loop body would scale to N NFTs by repeating refills.
Recommended Mitigation
The fix wires the existing s_hasClaimedSnowman mapping as a hard replay guard at the top of the function (before any external call) and writes to it BEFORE the external token transfer and the mint — restoring Checks-Effects-Interactions order. Reading first, then writing, makes each receiver slot atomically one-shot regardless of post-claim balance state. Note that we deliberately keep the flag check above the balance check so users see a precise error after their successful first claim instead of the misleading SA__ZeroAmount.
Lead Judging Commences
[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman
# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.