In contract UnripeFacet, the function pick uses OpenZeppelin's MerkleProof to validate that the Pick is valid. But it builds the leaf node in the wrong way, which potentially exposes the function to a Second Preimage attack.
The function pick builds the leaf node with the following code:
As per the comment in the OpenZeppelin Merkle tree library (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/MerkleProof.sol#L8-L22), you should avoid using leaf values that are 64 bytes long prior to hashing, because they are exposed to a Second Preimage attack.
For more details about Second Preimage attack, you can refer to this article: https://www.rareskills.io/post/merkle-tree-second-preimage-attack
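The 64-byte-leaf problem described in the library comment, as an added example that is not part of the original report or of the contract's code: a sorted-pair proof check accepts the preimage of an internal node as if it were a leaf when leaves are hashed once, and rejects it when leaves are hashed twice. Assumptions: SHA3-256 stands in for keccak256 so the code runs with the standard library only, and the four entries and all function names are constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Assumption: SHA3-256 as a stand-in for keccak256 (stdlib only).
    return hashlib.sha3_256(data).digest()

def hash_pair(a: bytes, b: bytes) -> bytes:
    # Commutative pair hash: the smaller value is always hashed first.
    return h(a + b) if a < b else h(b + a)

def leaf_single(entry: bytes) -> bytes:
    # Weak form: a leaf is hashed exactly like an internal node.
    return h(entry)

def leaf_double(entry: bytes) -> bytes:
    # Hardened form: double hashing separates leaves from internal nodes.
    return h(h(entry))

def build_levels(leaves):
    # levels[0] holds the leaves, levels[-1] holds the single root.
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([hash_pair(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def verify(proof, root, leaf) -> bool:
    computed = leaf
    for sibling in proof:
        computed = hash_pair(computed, sibling)
    return computed == root

# Constructed sample data: four entries of two 32-byte words (64 bytes each).
ENTRIES = [i.to_bytes(32, "big") + (100 * i).to_bytes(32, "big") for i in range(1, 5)]

def honest_entry_accepted(leaf_fn) -> bool:
    levels = build_levels([leaf_fn(e) for e in ENTRIES])
    return verify([levels[0][1], levels[1][1]], levels[-1][0], leaf_fn(ENTRIES[0]))

def forged_node_accepted(leaf_fn) -> bool:
    levels = build_levels([leaf_fn(e) for e in ENTRIES])
    l0, l1 = levels[0][0], levels[0][1]
    # 64-byte value that was never an entry: the preimage of an internal node.
    fake_entry = min(l0, l1) + max(l0, l1)
    return verify([levels[1][1]], levels[-1][0], leaf_fn(fake_entry))

if __name__ == "__main__":
    print("single hash, forged node accepted:", forged_node_accepted(leaf_single))
    print("double hash, forged node accepted:", forged_node_accepted(leaf_double))
```
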
The Second Preimage attack will bypass the merkle proof validation, and then the attacker can steal tokens through the following code:
The attacker may be able to launch a Second Preimage attack to bypass the merkle proof validation and steal tokens from the contract.
Manual Review
Consider the following fix: