Hashtag Web3 / Updated
Merkle Airdrop Distribution Explained
A Merkle airdrop is a highly efficient method for distributing tokens to a large number of users. This guide explains how it uses Merkle trees to save gas.

Airdrops serve as an effective method for distributing a new token to a project's community. However, distributing tokens to thousands or even millions of addresses poses a significant technical challenge: how to do it without incurring excessive gas fees. Sending individual transfer transactions to each recipient is prohibitively expensive.
The industry-standard solution for this issue is the Merkle airdrop, a gas-efficient method that employs a cryptographic data structure known as a Merkle tree. This approach allows verification of a user's eligibility to claim tokens without the need to store the entire list of eligible addresses on-chain.
The Problem with Naive Airdrops
Consider the scenario of airdropping tokens to a large number of eligible addresses. A straightforward approach might involve creating a smart contract that loops through each address, calling the transfer function for each recipient.
// Inefficient and will fail
function airdrop(address[] calldata recipients, uint256[] calldata amounts) external onlyOwner {
for (uint i = 0; i < recipients.length; i++) {
token.transfer(recipients[i], amounts[i]);
}
}
This method fails due to gas limits. Executing the loop for a large number of addresses would exceed the block gas limit, resulting in a transaction failure.
The Merkle Tree Solution: A Pull-Based Approach
A Merkle airdrop uses a "pull" mechanism rather than a "push" one. Instead of the contract distributing tokens to everyone, eligible users must come to the contract to "pull" or claim their tokens. The Merkle tree enables the contract's verification of a user's eligibility without requiring the entire list of addresses.
The Process:
Step 1: Off-Chain - Build the Merkle Tree
- Create the List: Generate a list of all eligible addresses and the corresponding token amounts. This serves as the "whitelist."
- Hash the Leaves: Each entry (e.g.,
address + amount) is hashed to create a "leaf" of the tree. - Build the Tree: Pair up the leaves and hash them together to create parent nodes. Continue this process until reaching a single hash at the top, known as the Merkle root.
Step 2: On-Chain - Store Only the Root
The smart contract stores only the single, 32-byte Merkle root.
contract Airdrop {
bytes32 public immutable merkleRoot;
constructor(bytes32 _merkleRoot) {
merkleRoot = _merkleRoot;
}
// ... claim function
}
This method is highly gas-efficient. You can prove the eligibility of millions of users with just one bytes32 hash stored on-chain.
Step 3: Off-Chain - Generate the Proof
When a user wishes to claim their airdrop, they must prove their eligibility to the contract using a Merkle proof.
The Merkle proof comprises the "sibling" hashes necessary to recalculate the Merkle root from the user's specific leaf hash. The user's wallet or the project’s frontend can generate this proof.
Step 4: On-Chain - Verify the Proof and Claim
The user calls the claim function on the smart contract, providing their address, the amount being claimed, and their unique Merkle proof.
function claim(address recipient, uint256 amount, bytes32[] calldata merkleProof) external {
// 1. Recreate the leaf hash from the user's data
bytes32 leaf = keccak256(abi.encodePacked(recipient, amount));
// 2. Use the provided proof to recalculate the Merkle root
bytes32 computedRoot = MerkleProof.processProof(merkleProof, leaf);
// 3. Verify that the recalculated root matches the one stored in the contract
require(computedRoot == merkleRoot, "Invalid proof.");
// ... (also check that the user hasn't claimed before) ...
// 4. If valid, transfer the tokens
token.transfer(recipient, amount);
}
The smart contract does not need the entire list of addresses. It only checks if the proof provided by the user, combined with their data, results in the same Merkle root stored in the contract. If it matches, the user is verified, and the tokens are released.
Why It's So Efficient
- Minimal On-Chain Storage: Only a single 32-byte hash is stored, regardless of whether there are many eligible users.
- Shifts Gas Costs to Users: The gas costs associated with claiming tokens fall on the individual users rather than the project, which avoids the expense of processing numerous separate transactions.
The Merkle airdrop represents an intelligent cryptographic pattern essential for projects aiming for large-scale and gas-efficient token distribution on the blockchain.