fix(audit review)

.gas-snapshot

@@ -6,15 +6,4 @@ SemaphoreAirdropTest:testCannotClaimWithInvalidProof() (gas: 8797746687696282396
 SemaphoreAirdropTest:testCannotClaimWithInvalidSignal() (gas: 2948678)
 SemaphoreAirdropTest:testCannotDoubleClaim() (gas: 3004607)
 SemaphoreAirdropTest:testCannotUpdateAirdropAmountIfNotManager() (gas: 16865)
-SemaphoreAirdropTest:testUpdateAirdropAmount() (gas: 19308)
-SemaphoreMultiAirdropTest:testCanClaim() (gas: 3122714)
-SemaphoreMultiAirdropTest:testCanClaimAfterNewMemberAdded() (gas: 3789635)
-SemaphoreMultiAirdropTest:testCanCreateAirdrop() (gas: 141458)
-SemaphoreMultiAirdropTest:testCanUpdateAirdropDetails() (gas: 149676)
-SemaphoreMultiAirdropTest:testCannotClaimHoursAfterNewMemberAdded() (gas: 3513319)
-SemaphoreMultiAirdropTest:testCannotClaimIfNotMember() (gas: 3067076)
-SemaphoreMultiAirdropTest:testCannotClaimNonExistantAirdrop() (gas: 2731400)
-SemaphoreMultiAirdropTest:testCannotClaimWithInvalidProof() (gas: 8797746687696288053)
-SemaphoreMultiAirdropTest:testCannotClaimWithInvalidSignal() (gas: 3069668)
-SemaphoreMultiAirdropTest:testCannotDoubleClaim() (gas: 3125373)
-SemaphoreMultiAirdropTest:testNonOwnerCannotUpdateAirdropDetails() (gas: 143499)
+SemaphoreAirdropTest:testUpdateAirdropAmount() (gas: 19308)

Makefile

@@ -22,12 +22,8 @@ snapshot:; FOUNDRY_PROFILE=bench forge snapshot
 # Deploy contracts 
 deploy-airdrop: install build; node --no-warnings scripts/deploy.js deploy-airdrop
 
-deploy-multi-airdrop: install build; node --no-warnings scripts/deploy.js deploy-multi-airdrop
-
 mock-airdrop: install build; node --no-warnings scripts/deploy.js mock-airdrop
 
-mock-multi-airdrop: install build; node --no-warnings scripts/deploy.js mock-multi-airdrop
-
 # ===== Utility Rules =================================================================================================
 
 # Format the solidity code.

foundry.toml

@@ -70,10 +70,7 @@ optimizer_runs = 20000
 verbosity = 3
 
 # We can specify the contracts to track gas data for by tracing.
-gas_reports = [
-  "WolrdIDAirdrop",
-  "WorldIDMultiAirdrop",
-]
+gas_reports = ["WolrdIDAirdrop"]
 
 # === Production Profile ======================================================
 

scripts/deploy.js

@@ -236,75 +236,6 @@ async function deployMockAirdrop(config) {
   }
 }
 
-async function deployMockMultiAirdrop(config) {
-  dotenv.config();
-
-  await getPrivateKey(config);
-  await getEthereumRpcUrl(config);
-  await getEtherscanApiKey(config);
-  await deployWorldIDIdentityManagerRouterMock(config);
-  await getWorldIDIdentityManagerRouterAddress(config);
-  await saveConfiguration(config);
-  await getAirdropParameters(config);
-
-  const spinner = ora(`Deploying WorldIDAirdrop contract...`).start();
-
-  try {
-    const data = execSync(
-      `forge script scripts/WorldIDMultiAirdrop.s.sol:DeployWorldIDMultiAirdrop --fork-url ${config.ethereumRpcUrl} \
-      --etherscan-api-key ${config.ethereumEtherscanApiKey} --broadcast -vvvv`
-    );
-    console.log(data.toString());
-    spinner.succeed('Deployed WorldIDMultiAirdrop contract successfully!');
-  } catch (err) {
-    console.error(err);
-    spinner.fail('Deployment of WorldIDMultiAirdrop has failed.');
-  }
-}
-
-// TODO: Couldn't get it to work :(
-// You can use the following instead
-// To deploy Multi Airdrop:
-// ```
-// forge create --private-key $PRIVATE_KEY --rpc-url $RPC_URL src/WorldIDMultiAirdrop.sol:WorldIDMultiAirdrop --constructor-args $ADDRESS_OF_WORLD_ID_ROUTER
-// ```
-//
-// To encode args for verification:
-// ```
-// cast abi-encode 'constructor(address)' $ADDRESS_OF_WORLD_ID_ROUTER
-// ```
-//
-// To verify:
-//
-// ```
-// forge verify-contract $ADDRESS_OF_MULTI_AIRDROP src/WorldIDMultiAirdrop.sol:WorldIDMultiAirdrop --etherscan-api-key $API_KEY --constructor-args $CONSTRUCTOR_ARGS_FROM_CAST_ENCODE --chain 137
-// ```
-async function deployMultiAirdrop(config) {
-  dotenv.config();
-
-  await getPrivateKey(config);
-  await getEthereumRpcUrl(config);
-  await getEtherscanApiKey(config);
-  await getWorldIDIdentityManagerRouterAddress(config);
-  await saveConfiguration(config);
-  await getAirdropParameters(config);
-
-  const spinner = ora(`Deploying WorldIDAirdrop contract...`).start();
-
-  try {
-    console.log('x');
-    const data = execSync(
-      `forge script scripts/WorldIDMultiAirdrop.s.sol:DeployWorldIDMultiAirdrop --legacy --fork-url ${config.ethereumRpcUrl} --broadcast -vvvv`
-    );
-    console.log('x');
-    console.log(data.toString());
-    spinner.succeed('Deployed WorldIDMultiAirdrop contract successfully!');
-  } catch (err) {
-    console.error(err);
-    spinner.fail('Deployment of WorldIDMultiAirdrop has failed.');
-  }
-}
-
 async function setAllowance(config) {
   await getErc20Address(config);
   await getHolderAddress(config);
@@ -342,17 +273,6 @@ async function main() {
       await saveConfiguration(config);
     });
 
-  program
-    .name('deploy-multi-aidrop')
-    .command('deploy-multi-airdrop')
-    .description('Interactively deploys the WorldIDMultiAirdrop contracts on Ethereum mainnet.')
-    .action(async () => {
-      const options = program.opts();
-      let config = await loadConfiguration(options.config);
-      await deployMultiAirdrop(config);
-      await saveConfiguration(config);
-    });
-
   program
     .name('mock-airdrop')
     .command('mock-airdrop')
@@ -366,19 +286,6 @@ async function main() {
       await saveConfiguration(config);
     });
 
-  program
-    .name('mock-multi-airdrop')
-    .command('mock-multi-airdrop')
-    .description(
-      'Interactively deploys WorldIDIdentityManagerMock alongside with WorldIDMultiAirdrop for testing.'
-    )
-    .action(async () => {
-      const options = program.opts();
-      let config = await loadConfiguration(options.config);
-      await deployMockMultiAirdrop(config);
-      await saveConfiguration(config);
-    });
-
   program
     .name('set-allowance')
     .command('set-allowance')

src/WorldIDAirdrop.sol

@@ -118,6 +118,8 @@ contract WorldIDAirdrop {
         nullifierHashes[nullifierHash] = true;
 
         SafeTransferLib.safeTransferFrom(token, holder, receiver, airdropAmount);
+
+        emit AirdropClaimed(receiver);
     }
 
     ///////////////////////////////////////////////////////////////////////////////

src/test/WorldIDAirdrop.t.sol

@@ -13,6 +13,7 @@ import {WorldIDAirdrop} from "../WorldIDAirdrop.sol";
 /// functionality for a single airdrop.
 contract WorldIDAirdropTest is PRBTest {
     event AmountUpdated(uint256 amount);
+    event AirdropClaimed(address receiver);
 
     address public user;
     uint256 internal groupId;
@@ -56,14 +57,18 @@ contract WorldIDAirdropTest is PRBTest {
     }
 
     /// @notice Tests that the user is able to claim tokens if the World ID proof is valid
-    function testCanClaim(uint256 worldIDRoot, uint256 nullifierHash) public {
+    function testCanClaim(uint256 worldIDRoot, uint256 nullifierHash, address receiver) public {
         vm.assume(worldIDRoot != 0 && nullifierHash != 0);
 
         assertEq(token.balanceOf(address(this)), 0);
 
-        airdrop.claim(address(this), worldIDRoot, nullifierHash, proof);
+        vm.expectEmit(true, true, true, true);
+        emit AirdropClaimed(receiver);
 
-        assertEq(token.balanceOf(address(this)), airdrop.airdropAmount());
+        vm.prank(receiver);
+        airdrop.claim(receiver, worldIDRoot, nullifierHash, proof);
+
+        assertEq(token.balanceOf(receiver), airdrop.airdropAmount());
     }
 
     /// @notice Tests that nullifier hash for the same action cannot be consumed twice