high

Address of USDC token in `Deploy.s.sol` is wrong causing the claiming process...

Contest
sponsor logo

First Flight #14: AirDropper
Selected Submission

Address of USDC token in Deploy.s.sol is wrong causing the claiming process to fail

Severity

High Risk

Relevant GitHub Links

https://github.com/Cyfrin/2024-04-airdropper/blob/781cf225664a4ad11e9654aaa39cc528016bf214/script/Deploy.s.sol#L8-L8

Summary

The s_zkSyncUSDC address in Deploy.s.sol is incorrectly set, leading to a failure in the claiming process. This error results in funds being stuck in the MerkleAirdrop contract due to the immutability of the token address.

Impact

All funds become permanently trapped in the MerkleAirdrop contract, rendering them inaccessible for claiming or transfer.

Proof of Concept:

To demonstrate the issue, a test contract can be added and executed using the following command:

forge test --zksync --rpc-url $RPC_ZKSYNC --mt testDeployOnZkSync

Use the RPC URL https://mainnet.era.zksync.io for testing.

Proof Of Code 
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import { MerkleAirdrop, IERC20 } from "../src/MerkleAirdrop.sol";
import { Test, console2 } from "forge-std/Test.sol";

contract MerkleAirdropTest is Test {
    MerkleAirdrop public s_airdrop;
    uint256 s_amountToCollect = (25 * 1e6); // 25.000000
    address s_collectorOne = 0x20F41376c713072937eb02Be70ee1eD0D639966C;

    bytes32 s_proofOne = 0x32cee63464b09930b5c3f59f955c86694a4c640a03aa57e6f743d8a3ca5c8838;
    bytes32 s_proofTwo = 0x8ff683185668cbe035a18fccec4080d7a0331bb1bbc532324f40501de5e8ea5c;
    bytes32[] s_proof = [s_proofOne, s_proofTwo];
    address public deployer;

    // From Deploy.t.sol
    bytes32 public s_merkleRoot = 0x3b2e22da63ae414086bec9c9da6b685f790c6fab200c7918f2879f08793d77bd;
    address public s_zkSyncUSDC = 0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4;
    uint256 public s_amountToAirdrop = 4 * (25 * 1e6);

    function setUp() public {
        deployer = makeAddr("deployer");
        deal(0x1D17CbCf0D6d143135be902365d2e5E2a16538d4, deployer, 100 * 1e6);
        vm.deal(s_collectorOne, 100 ether);
    }

    function testDeployOnZkSync() public {
        if (block.chainid != 324) {
            return;
        }
        vm.startPrank(deployer);

        // From here there is the code from run()
        s_airdrop = deployMerkleDropper(s_merkleRoot, IERC20(s_zkSyncUSDC));
        // Send USDC -> Merkle Air Dropper
        IERC20(0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4).transfer(address(s_airdrop), s_amountToAirdrop);
        // end code from run
        
        vm.stopPrank();
        vm.startPrank(s_collectorOne);
        s_airdrop.claim{ value: s_airdrop.getFee() }(s_collectorOne, s_amountToCollect, s_proof);
        vm.stopPrank();
    }

    function deployMerkleDropper(bytes32 merkleRoot, IERC20 zkSyncUSDC) public returns (MerkleAirdrop) {
        return (new MerkleAirdrop(merkleRoot, zkSyncUSDC));
    }
}

Tools Used

foundry-zksync

Recommendations

To resolve the issue, update the s_zkSyncUSDC address in Deploy.s.sol to the correct value:

-       address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4; 
+       address public s_zkSyncUSDC = 0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4;