Today (4/14), KernelDAO opened the first quarter $KERNEL token airdrop.
If you meet the eligibility criteria for the KernelDAO (KelpDAO) airdrop and participate in this Binance Megadrop, you can receive at least 100+15=115 $KERNEL (current price about 40U).
Regarding the KernelDAO airdrop, I have always found it interesting because I participated in the KelpDAO airdrop event through the rsETH on the Arbitrum chain in 2024.
Although I submitted the rsETH staked in a third-party agreement as early as 2024/11/16, the points for that staked position continued to be calculated and collected until 2025/4/14.
The vulnerabilities and flaws in this type of re-staking agreement score mechanism are not unique to KelpDAO.
In my experience, similar data fetching errors have occurred when I deposited FBTC into Bedrock to mint uniBTC. (However, the FBTC team Ignition quickly corrected the error.)
In this regard, I thought of two possible vulnerabilities that could affect the scoring system and airdrop eligibility:
If I were an individual investor, I could widely stake the re-staked tokens into different agreements and then unstake them. This way, I could see which agreements would have data fetching errors, allowing the extracted positions to continue receiving airdrop points. Then, I would stake a large amount of assets into that position and immediately withdraw, completing the operation of 'as long as the other party does not notice the issue, I can maintain a permanent income of points.'
If I were an agreement, since the other party needs to fetch my data to calculate airdrop points, I have the opportunity to manipulate the fetched data maliciously in the middle.
These are two possibilities I thought about during this experience, but I am not a technical person, so I welcome DEV friends to correct or supplement.
Summary
Although this round of LST and LRT airdrop season seems to be coming to an end, there are not many agreements left that have not issued tokens, but agreements that have issued tokens are still continuing to carry out second and third quarter airdrop activities.
Therefore, such mechanism vulnerabilities still have the opportunity to operate, which will inevitably affect the fairness of airdrop distribution. I hope the relevant agreements can pay attention to and properly handle this issue.
-------------------------------------
※ The above content does not constitute investment advice (NFA). Users are advised to operate according to their own risk tolerance and participate in the investment market with caution, DYOR.
※ The attached image is taken from KernelDAO
