Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Incorrect Leaf Node Construction

Summary

The on-chain and off-chain Merkle proofs will not match.

Vulnerability Details

The contract constructs leaf nodes for the Merkle Tree by double hashing the user data. Specifically, in functions like claimLSDTokens, withdraw, and unqueueTokens, the leaf node is constructed as follows:

```solidity
bytes32 node = keccak256(bytes.concat(keccak256(abi.encode(account, _amount, _sharesAmount))));
```

Typically, Merkle trees are constructed by hashing the encoded user data once per leaf. Double hashing introduces a discrepancy between on-chain verification and off-chain Merkle tree construction: in this case the leaf is hashed twice on-chain and once off-chain.

Hashing twice protects against the second-preimage attack; however, the tree published to IPFS is built with single-hashed leaves, which introduces the discrepancy.

Because the off-chain Merkle tree is constructed with single-hashed leaves while on-chain verification expects double-hashed leaves, all Merkle proofs will fail, rendering the distribution mechanism non-functional.

In addition, the IPFS tree uses abi.encode whereas the on-chain code uses abi.encodePacked. The results of these two encodings differ, leading to inconsistent proofs.
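To make the two mismatches concrete, here is an added example (not code from the submission or from the Stake.link contracts) that builds a small distribution tree both ways and checks which proofs verify. It assumes sorted-pair hashing as in OpenZeppelin's MerkleProof, and uses sha256 as a stand-in for keccak256 because the Python standard library has no keccak; the entries, helper names and the mismatch logic are otherwise independent of the hash used.

```python
# Added example: off-chain vs on-chain leaf construction for a Merkle distribution.
# sha256 stands in for keccak256 (assumption: no keccak in the standard library).
import hashlib


def H(data: bytes) -> bytes:
    """Hash stand-in for keccak256."""
    return hashlib.sha256(data).digest()


def abi_encode(account: bytes, amount: int, shares: int) -> bytes:
    """abi.encode: every static argument is left-padded to a 32-byte word."""
    return account.rjust(32, b"\x00") + amount.to_bytes(32, "big") + shares.to_bytes(32, "big")


def abi_encode_packed(account: bytes, amount: int, shares: int) -> bytes:
    """abi.encodePacked: address stays 20 bytes, uint256 stays 32 bytes, no padding."""
    return account + amount.to_bytes(32, "big") + shares.to_bytes(32, "big")


def leaf_single(account: bytes, amount: int, shares: int) -> bytes:
    """Leaf hashed once, as the submission says the IPFS tree is built."""
    return H(abi_encode(account, amount, shares))


def leaf_double(account: bytes, amount: int, shares: int) -> bytes:
    """Leaf hashed twice: keccak256(bytes.concat(keccak256(abi.encode(...)))) on-chain."""
    return H(H(abi_encode(account, amount, shares)))


def hash_pair(a: bytes, b: bytes) -> bytes:
    """Commutative (sorted) pair hash, as OpenZeppelin MerkleProof verifies."""
    return H(a + b) if a < b else H(b + a)


def build_levels(leaves):
    """All tree levels, leaves first; an odd level is padded by duplicating its last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([hash_pair(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_root(leaves) -> bytes:
    return build_levels(leaves)[-1][0]


def merkle_proof(leaves, index: int):
    """Sibling path from leaf `index` up to the root."""
    path = []
    for level in build_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append(level[index ^ 1])
        index //= 2
    return path


def verify(proof, root: bytes, leaf: bytes) -> bool:
    """Same fold the on-chain verifier performs."""
    node = leaf
    for sibling in proof:
        node = hash_pair(node, sibling)
    return node == root


# Constructed sample distribution entries: (account, _amount, _sharesAmount).
ENTRIES = [
    (bytes.fromhex("11" * 20), 1_000, 900),
    (bytes.fromhex("22" * 20), 2_500, 2_250),
    (bytes.fromhex("33" * 20), 10, 9),
    (bytes.fromhex("44" * 20), 7_777, 7_000),
]


def demo() -> dict:
    """Off-chain tree uses single-hashed leaves; on-chain root assumes double-hashed leaves."""
    single_leaves = [leaf_single(*e) for e in ENTRIES]
    double_leaves = [leaf_double(*e) for e in ENTRIES]
    off_chain_root = merkle_root(single_leaves)
    on_chain_root = merkle_root(double_leaves)
    account, amount, shares = ENTRIES[1]
    off_chain_proof = merkle_proof(single_leaves, 1)
    return {
        # proof verifies against the tree it was built from
        "single_vs_single": verify(off_chain_proof, off_chain_root, leaf_single(account, amount, shares)),
        # the same proof fails once the verifier double-hashes the leaf and uses the other root
        "single_proof_vs_double_root": verify(off_chain_proof, on_chain_root, leaf_double(account, amount, shares)),
        # consistent double hashing on both sides verifies again
        "double_vs_double": verify(merkle_proof(double_leaves, 1), on_chain_root, leaf_double(account, amount, shares)),
        "roots_differ": off_chain_root != on_chain_root,
        # abi.encode (96 bytes) and abi.encodePacked (84 bytes) give different preimages
        "encode_ne_packed": abi_encode(account, amount, shares) != abi_encode_packed(account, amount, shares),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Whichever side is "right", the fix is the same: the leaf preimage (encoding) and the number of hash applications must be identical in the off-chain tree builder and in the contract, otherwise every proof fails exactly as the second result above shows.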

Impact

Failed Merkle proofs and verification.

Tools Used

Manual Review

Recommendations

Ensure consistency between the on-chain and off-chain hashing and ABI encoding.

```solidity
// Correct leaf node construction with single hashing
bytes32 node = keccak256(abi.encodePacked(account, _amount, _sharesAmount));
```

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
