Airdrop Contract Development via Merkle Distributor
We often see the classic mistake – trying to distribute tokens through a loop with on-chain sending to each address. With 10,000 recipients, that's 10,000 transactions, tens of thousands of dollars in gas, and several hours of work. Our team, with over 5 years of blockchain experience and 50+ token launch projects, recommends a different approach – a Merkle distributor. You set the Merkle root on-chain once, and each recipient claims their tokens individually, paying only for their own inclusion. This reduces your gas bill by hundreds of times – a Merkle distributor saves up to 99% of gas compared to direct transfers. The base library for implementation is OpenZeppelin MerkleProof.
Problems We Solve
- Exorbitant gas for large lists. An on-chain airdrop to 50,000 addresses can cost >$20,000 in gas alone. Our Merkle distributor saved one client 99% of the cost: from $25,000 to under $250.
- Second preimage attack vulnerability. We use a double-hashed leaf as in OpenZeppelin, which completely blocks the attack.
- Token lock without deadline. We add a deadline with the possibility to recover remaining tokens to the owner.
- Lack of vesting. We embed linear vesting directly into the distributor.
Airdrop Approach Comparison
| Parameter |
On-chain loop |
Merkle distributor |
| Transactions |
N (each recipient – separate call) |
1 (set root) + N (each claim – paid by recipient) |
| Gas (10k users, ETH mainnet) |
~30 ETH |
~0.1 ETH (for root) + ~0.02 ETH per user |
| Execution time |
Hours |
Minutes (after deploy) |
| Security |
Gas-dependent |
Proven MerkleProof library |
The gas saving factor is up to 300x for 10,000 addresses, a significant improvement for teams with limited token launch budgets.
How the Merkle Distributor Works
Moving to L2 further reduces gas costs: on Arbitrum or Base, a claim costs pennies, not dollars. Contact us for a detailed estimate for your audience.
Our Guarantees & Experience
We are an experienced team with over 5 years in blockchain development and 50+ token launch projects audited by Certik and Consensys Diligence. We offer a warranty on our contracts and provide post-launch support.
How We Do It
We use a proven stack: Solidity 0.8.x + OpenZeppelin libraries (MerkleProof, ERC20), for off-chain – TypeScript + @openzeppelin/merkle-tree. We deploy on Ethereum L1 or L2 (Arbitrum, Base, Optimism) per your choice. Example implementation with bit packing for claimed status:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";
contract MerkleAirdrop {
IERC20 public immutable token;
bytes32 public immutable merkleRoot;
mapping(uint256 => uint256) private claimedBitMap;
constructor(address _token, bytes32 _merkleRoot) {
token = IERC20(_token);
merkleRoot = _merkleRoot;
}
function isClaimed(uint256 index) public view returns (bool) {
uint256 claimedWordIndex = index / 256;
uint256 claimedBitIndex = index % 256;
uint256 claimedWord = claimedBitMap[claimedWordIndex];
uint256 mask = (1 << claimedBitIndex);
return claimedWord & mask == mask;
}
function claim(
uint256 index,
address account,
uint256 amount,
bytes32[] calldata merkleProof
) external {
require(!isClaimed(index), "Already claimed");
bytes32 leaf = keccak256(bytes.concat(
keccak256(abi.encode(index, account, amount))
));
require(
MerkleProof.verify(merkleProof, merkleRoot, leaf),
"Invalid proof"
);
_setClaimed(index);
require(token.transfer(account, amount), "Transfer failed");
emit Claimed(index, account, amount);
}
}
Off-Chain Merkle Tree Generation
import { StandardMerkleTree } from "@openzeppelin/merkle-tree"
const values = [
[0, "0xAddress1...", ethers.parseEther("100")],
[1, "0xAddress2...", ethers.parseEther("250")],
]
const tree = StandardMerkleTree.of(values, ["uint256", "address", "uint256"])
console.log("Merkle Root:", tree.root)
for (const [i, v] of tree.entries()) {
if (v[1] === "0xAddress1...") {
const proof = tree.getProof(i)
}
}
import fs from "fs"
fs.writeFileSync("tree.json", JSON.stringify(tree.dump()))
You distribute proofs via a simple API: GET /proof?address=0x... → returns { index, amount, proof[] }. The API can be implemented with Fastify or Express – typical code is about 50 lines.
Why Choose L2 for Airdrop?
On Ethereum mainnet, a claim costs ~$2–10 per transaction. On Arbitrum, Base, or Optimism – cents. If your audience is mass, L2 lowers the entry barrier. We help select the right rollup and configure the token bridge.
| Network |
Average claim cost |
Confirmation time |
| Ethereum L1 |
$2–10 |
~15 seconds |
| Arbitrum |
$0.01–0.05 |
~1 minute |
| Base |
$0.01–0.03 |
~1 second |
| Optimism |
$0.01–0.05 |
~1 minute |
Our Work Process
- Analysis – discuss the address list, token, L1/L2, need for vesting, deadline.
- Design – choose Merkle tree structure, write contract specification.
- Development – write the contract using OpenZeppelin, off-chain scripts, API.
- Testing – unit tests, fuzzing (Echidna), simulation in Tenderly.
- Deployment – to the chosen network, contract verification, test claim.
- Support – monitoring, helping users with claim issues.
What's Included
- Smart contract (Merkle distributor with optional deadline/vesting)
- Off-chain Merkle tree generator + TypeScript scripts
- API for distributing proofs (Fastify/Express)
- Example UI integration (React + viem)
- Deployment and operational documentation
- 2 weeks of post-launch support
We use Echidna for fuzzing the contract, checking proof correctness, preventing double claims, and gas limits. Simulation in Tenderly allows us to reproduce any transaction before deployment.
Timeline and Pricing
A standard turnkey implementation takes 1 to 2 weeks. Pricing is calculated individually based on options (vesting, gasless claim, custom UI). We assess your project in one business day – just write to us, and we'll prepare a proposal.
Example cost breakdown
Basic Merkle distributor with deadline: $5,000
Add vesting: +$3,000
Gasless claim: +$2,000
Custom UI: +$4,000
Token Development: ERC-20, Tokenomics, Vesting
We’ve seen more rekt tokens than we can count — not because the code was broken, but because the economic assumptions were naive. A token that doesn’t collapse from inflation in six months, where governance actually works, and vesting can’t be bypassed through delegation tricks — that’s real engineering. We build under that standard.
How We Avoid Common ERC-20 Pitfalls
ERC-20 standard has nine functions. Complexity starts with extensions:
ERC-20Permit (EIP-2612) — gasless approve via signature. User signs permit(owner, spender, value, deadline, v, r, s) off-chain, spender calls permit() + transferFrom() in one transaction. Removes separate approve step. Risk: signature can be intercepted — need deadline and nonce checking. We always implement EIP-712 typed structured data to prevent signature malleability.
ERC-20Votes (EIP-5805) — snapshot balances for governance. Checkpoint system stores balance history by block number. getPastVotes(address, blockNumber) returns balance at proposal creation, not current. Prevents flash loan governance: can't borrow tokens and vote in one transaction.
Rebasing tokens (stETH, Ampleforth) — balanceOf changes automatically through internal shares ratio. High integration complexity: most DeFi protocols don't work correctly with rebasing without non-rebasing wrapper. We've deployed wrappers that decouple balance from share price for Uniswap compatibility.
Fee-on-transfer tokens — percentage cut on every transfer. Breaks AMM calculations: pool receives less than expected. Uniswap v2/v3 don't support natively — needs special pair/router. We’ve built custom routers that handle fee-on-transfer tokens without reverting.
Why Tokenomics Sustainability Matters More Than Excel
Tokenomics isn't Excel table summing to 100%. It's incentive model that either works long-term or creates selling pressure killing the project.
Emission Schedule and Inflation — Fixed supply (Bitcoin model) works for store-of-value, but for utility tokens you need controlled inflation. Inflationary model (like Ethereum post-Merge) generates new tokens to incentivize participants. Key balance: emission should be <= value captured by protocol. If protocol earns $100k/month but emission is $500k/month in market value — constant selling pressure inevitable. We model these scenarios using Python simulations with cadCAD for complex systems.
Supply Distribution — No universal formula. Principle: no single entity >33% voting power at launch. Otherwise governance is fiction.
| Category |
Typical Range |
Risk |
| Team + advisors |
15–20% |
Dumping on unlock |
| Investors (seed, private) |
15–25% |
Coordinated exit |
| Treasury / DAO |
20–35% |
Governance capture |
| Ecosystem / grants |
10–20% |
Inefficient allocation |
| Public sale / LBP |
5–15% |
Undervaluation → whale capture |
| Liquidity provision |
5–10% |
Mercenary capital |
What Are the Most Critical Vesting Contract Mistakes?
Linear vesting with cliff is standard for team and investors. cliff is the period after TGE with zero availability. After cliff: linear unlock until duration. Typical implementation errors we catch in audit:
- Revocable vesting without timelock — owner can revoke immediately. Solution: revocation through multisig + governance vote with 7-day delay.
- Cliff doesn't block governance rights — with ERC-20Votes, recipient can delegate voting power from day one even if tokens aren't unlocked. We explicitly separate voting power from claim logic.
- No emergency pause — if vesting contract vulnerability discovered, need ability to pause claims. Pausable + timelock on unpause.
We’ve seen a project where the cliff was set to 0 by mistake — team could dump immediately. Our fuzz tests catch such edge cases before deployment.
Vesting contract implementation details
Pausable and Ownable2Step from OpenZeppelin are standard. We add a 7-day timelock on revocation functions. All withdraw functions emit events for off-chain tracking. Fuzz tests verify that cumulative released amount never exceeds total allocation, even after multiple revocations or partial claims.
Why Is Liquidity Bootstrapping Crucial for Token Launch?
Launch mechanics are critical. Three main approaches:
-
Balancer LBP — temporary pool with high initial token weight (90/10 project-token/USDC) that automatically decreases to 50/50 over days. Creates downward price pressure preventing bot buys at one price. After LBP liquidity moves to permanent pool.
-
Fjord Foundry — specialized platform for LBP and fair launches. Less operational overhead than direct Balancer integration.
-
Uniswap v3 with limited range — add liquidity in narrow range around initial price. High capital efficiency but requires active range management.
-
TWAMM — mechanics for gradual large-order sales without slippage. Implemented in FraxSwap.
LBP is 3-5x better than standard AMM listing for price discovery; we’ve seen fair launches with 50% less initial dump compared to direct Uniswap listings.
Governance Tokens and Voting Mechanics
OpenZeppelin Governor is the standard. Modular: GovernorVotes for counting, GovernorTimelockControl for timelock execution, GovernorSettings for adjustable parameters. Quorum is minimum percentage of supply for voting validity. Compound set quorum at 400k COMP (4% supply). We set quorum dynamically based on historical participation to avoid apathy or whale capture.
Flash loan governance attack — attacker borrows tokens via flash loan, delegates to self, creates proposal or votes, returns tokens. ERC-20Votes with block-based snapshot completely blocks this: must have tokens at snapshot creation moment, not voting moment.
Delegation — small holders often don't vote. Liquid delegation (like Optimism) lets delegate voting power to addresses without transfer. Critical for protocols with many passive holders.
| Token Type |
Use Case |
Our Stack |
| ERC-20 utility |
Payments, rewards, gas |
Solidity 0.8.x, OpenZeppelin 5.x |
| ERC-20Permit |
Gasless approvals |
EIP-2612, EIP-712 |
| ERC-20Votes |
On-chain governance |
Governor, TimelockController |
| ERC-1155 |
Multi-token (NFT + fungible) |
Solidity, OpenZeppelin |
| Vesting contracts |
Team/investor lockup |
LinearVesting, CliffVesting |
Token Development Stack
Contracts: Solidity 0.8.x, OpenZeppelin Contracts 5.x (ERC20, ERC20Permit, ERC20Votes, Governor, TimelockController, TokenVesting).
Tokenomics audit: Python models with emission/demand simulation, cadCAD for complex systems modeling.
Deployment and management: Foundry scripts, Gnosis Safe for treasury, OpenZeppelin Defender for automation.
Analytics: Dune Analytics for on-chain metrics, Token Terminal for protocol revenue.
What’s Included in the Work (Deliverables)
- Tokenomics model with stress tests (bear market, whale exit, governance capture)
- Contract development with Foundry fuzz tests (gas optimization, reentrancy tests, overflow checks)
- Audit summary and list of edge cases covered
- Deployment scripts with Gnosis Safe admin keys
- Documentation for future upgrades and maintenance
- 30-day post-launch monitoring support
Process
-
Tokenomics design — supply model, allocation, emission schedule, vesting. Stress-test scenarios.
-
Contract development — ERC-20 + extensions, vesting, governance. Foundry fuzz tests on vesting calculations, governance thresholds.
-
Audit — special attention on governance attack vectors, vesting bypass, permit replay attacks. We use Slither and Echidna for formal verification.
-
LBP / launch — choose mechanics, set parameters, monitor first 24 hours.
-
Post-launch — monitor supply distribution via Dune, governance participation metrics, treasury management.
Timelines
- ERC-20 with permit and basic governance: 2–3 weeks
- Vesting contract with revocation and cliff: 2–4 weeks
- Full governance (Governor + Timelock + Token): 4–7 weeks
- Token + LBP + governance + vesting: 8–14 weeks
We can estimate your project within 24 hours after discussing requirements. Contact us to start the conversation — no obligation, just a technical chat about your token model. Get a detailed proposal tailored to your tokenomics and compliance needs.