Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: medium

Invalid

Missing Max Supply Limit in Snowman Allows Unlimited NFT Minting

alaaeldinsabib

Summary

The Snowman.sol contract lacks a maximum supply limit for NFT minting. Combined with the missing access control vulnerability, an attacker can mint an unlimited number of NFTs, completely destroying the scarcity and value of the collection.

Description

The Snowman contract is designed to distribute a fixed number of NFTs through an airdrop mechanism. However, there is no MAX_SUPPLY constant or check in the mintSnowman function to limit the total number of NFTs that can be minted.

Root Cause

File: src/Snowman.sol (lines 38-45)

function mintSnowman(address receiver, uint256 amount) external {

for (uint256 i = 0; i < amount; i++) {

_safeMint(receiver, s_TokenCounter);

emit SnowmanMinted(receiver, s_TokenCounter);

s_TokenCounter++;

}

// ❌ No max supply check!

}

Risk

Severity: Low
Likelihood: Medium
Impact: Low

❌ No limit on total NFT supply
❌ Combined with access control bug, allows unlimited minting
❌ Destroys NFT scarcity and value
✅ Requires access control vulnerability to be exploited first

Proof of Concept

Scenario: Attacker exploits missing access control to mint unlimited NFTs.

Expected Behavior: There should be a maximum supply limit that prevents excessive minting.

Actual Behavior: Attacker can mint millions of NFTs in a single transaction.

function test_NoMaxSupplyAllowsUnlimitedMinting() public {

address attacker = makeAddr("attacker");

// Attacker mints 1,000,000 NFTs

vm.prank(attacker);

snowman.mintSnowman(attacker, 1000000);

uint256 balance = snowman.balanceOf(attacker);

assertEq(balance, 1000000);

console2.log("VULNERABILITY: Minted 1,000,000 NFTs with no max supply limit");

console2.log("Total supply:", snowman.getTokenCounter());

}

Test Output:

VULNERABILITY: Minted 1,000,000 NFTs with no max supply limit

Total supply: 1000000

What This Proves:

✅ No maximum supply limit exists
✅ Unlimited NFTs can be minted
✅ Destroys collection scarcity

Recommended Mitigation

Add a maximum supply constant and check:

// Add max supply constant

uint256 public constant MAX_SUPPLY = 10000; // Example: 10,000 NFTs

function mintSnowman(address receiver, uint256 amount) external onlyAuthorizedMinter {

require(s_TokenCounter + amount <= MAX_SUPPLY, "Exceeds max supply");

for (uint256 i = 0; i < amount; i++) {

_safeMint(receiver, s_TokenCounter);

emit SnowmanMinted(receiver, s_TokenCounter);

s_TokenCounter++;

}

Why This Fixes It:

✅ Enforces maximum NFT supply
✅ Prevents unlimited minting
✅ Maintains collection scarcity

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!