Dynamic balance enables griefing — 1 wei Snow transfer invalidates claim
Title: Dynamic balance enables griefing — 1 wei Snow transfer invalidates claim
Impact: Medium. Attacker front-runs with 1 wei Snow to permanently block a victim's claim.
Likelihood: Medium. Requires purchasing or earning Snow and front-running the claim transaction.
Reference Files: repos/src/SnowmanAirdrop.sol:76,84,107-109,112-122
Description
The claimSnowman() flow relies on i_snow.balanceOf(receiver) at two points: in getMessageHash() for the EIP-712 signature digest, and in the Merkle leaf computation. The receiver must sign a message with their current balance before the claim. An attacker can front-run this by transferring 1 wei of Snow to the receiver, changing their balance. The pre-signed message was computed with the old balance, but verification uses the new balance — the signature check fails with SA__InvalidSignature, permanently blocking the claim.
The victim must either remove the extra tokens to restore their balance or obtain a new signature for the new amount — both difficult or impossible in practice.
Risk
Impact: Medium. An attacker can permanently block any user from claiming their Snowman NFT by sending a minimal amount of Snow tokens (1 wei) to their address before the claim transaction executes. The Merkle proof also breaks since the leaf now encodes the new balance. The griefing costs only the minimal Snow token amount.
Likelihood: Medium. The attacker needs to acquire Snow tokens (via buy or earn) and front-run the target's claim transaction. With MEV-aware infrastructure, this is achievable on any public mempool chain.
A user with 100 Snow tokens signs a claim message. An attacker sends 1 wei Snow → both the signature and Merkle proof invalidate → the user can never claim their NFT.
Proof of Concept
The PoC proves a front-running dust transfer invalidates the victim's pre-signed claim message.
Recommended Mitigation
Pass amount as a parameter to both claimSnowman() and getMessageHash() instead of reading balanceOf. This decouples the signature and Merkle proof from the live balance, allowing the user to commit to a specific claim amount that dust transfers cannot invalidate.
Lead Judging Commences
[M-01] DoS to a user trying to claim a Snowman
# Root + Impact ## Description * Users will approve a specific amount of Snow to the SnowmanAirdrop and also sign a message with their address and that same amount, in order to be able to claim the NFT * Because the current amount of Snow owned by the user is used in the verification, an attacker could forcefully send Snow to the receiver in a front-running attack, to prevent the receiver from claiming the NFT.  ```Solidity function getMessageHash(address receiver) public view returns (bytes32) { ... // @audit HIGH An attacker could send 1 wei of Snow token to the receiver and invalidate the signature, causing the receiver to never be able to claim their Snowman uint256 amount = i_snow.balanceOf(receiver); return _hashTypedDataV4( keccak256(abi.encode(MESSAGE_TYPEHASH, SnowmanClaim({receiver: receiver, amount: amount}))) ); ``` ## Risk **Likelihood**: * The attacker must purchase Snow and forcefully send it to the receiver in a front-running attack, so the likelihood is Medium **Impact**: * The impact is High as it could lock out the receiver from claiming forever ## Proof of Concept The attack consists on Bob sending an extra Snow token to Alice before Satoshi claims the NFT on behalf of Alice. To showcase the risk, the extra Snow is earned for free by Bob. ```Solidity function testDoSClaimSnowman() public { assert(snow.balanceOf(alice) == 1); // Get alice's digest while the amount is still 1 bytes32 alDigest = airdrop.getMessageHash(alice); // alice signs a message (uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest); vm.startPrank(bob); vm.warp(block.timestamp + 1 weeks); snow.earnSnow(); assert(snow.balanceOf(bob) == 2); snow.transfer(alice, 1); // Alice claim test assert(snow.balanceOf(alice) == 2); vm.startPrank(alice); snow.approve(address(airdrop), 1); // satoshi calls claims on behalf of alice using her signed message vm.startPrank(satoshi); vm.expectRevert(); airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS); } ``` ## Recommended Mitigation Include the amount to be claimed in both `getMessageHash` and `claimSnowman` instead of reading it from the Snow contract. Showing only the new code in the section below ```Python function claimSnowman(address receiver, uint256 amount, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { ... bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(receiver, amount)))); if (!MerkleProof.verify(merkleProof, i_merkleRoot, leaf)) { revert SA__InvalidProof(); } // @audit LOW Seems like using the ERC20 permit here would allow for both the delegation of the claim and the transfer of the Snow tokens in one transaction i_snow.safeTransferFrom(receiver, address(this), amount); // send ... } ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.