Critical Bug in EIP712 Type Hash Due to Typo (addres instead of address)
Summary
The constant MESSAGE_TYPEHASH is defined incorrectly as keccak256("SnowmanClaim(addres receiver, uint256 amount)") instead of keccak256("SnowmanClaim(address receiver, uint256 amount)").
This invalid type hash affects EIP712 signature generation and verification.
Description
Since EIP712 requires that the type hash precisely matches the off-chain signer struct, this typo may cause:
Incorrect digest computation on-chain.
All off-chain signatures generated using the correct schema would fail verification on-chain.
Only clients who replicated this typo off-chain would produce valid signatures.
It tightly couples the system to the typo'd struct and may cause future failures if off-chain code is fixed.
Impact
Invalid signature verification.
Incompatibility between off-chain and on-chain signing.
Likelihood
HIGH
PoC
Tools used
Manual verification
Recommended mitigation
Update the constant to:
bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)");
Lead Judging Commences
Inconsistent MESSAGE_TYPEHASH with standard EIP-712 declaration
A typo in the `MESSAGE_TYPEHASH` variable of the `SnowmanAirdrop` contract will prevent signature verification claims. Used `addres` instead of `address`
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.