Snowman Merkle Airdrop
First Flight #42
Beginner FriendlyFoundrySolidityNFT
100 EXP
View all submissions
Previous Next
Submission Details
Impact: low
Likelihood: low

Incorrect EIP-712 TypeHash Prevents Signature Verification in SnowmanClaim

Author Revealed upon completion

Root + Impact

Description

  • The MESSAGE_TYPEHASH is expected to represent the hash of a properly defined EIP-712 type string, which is critical for verifying off-chain signed messages using ecrecover.

  • The type string contains a typo (addres instead of address), which results in a hash that is different from the correct structure. As a result, signatures generated off-chain using the correct struct definition will fail to verify on-chain, breaking any functionality that relies on this message type hash.

bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); // keccak256 hash of the SnowmanClaim struct's type signature, used for EIP-712 compliant message signing

Risk

Likelihood:

  • This will occur whenever a user attempts to validate or use an EIP-712 signature for the SnowmanClaim struct.

  • Any signed message generated off-chain using the correct address Type will mismatch the on-chain hash.

Impact:

  • Signature validation will consistently fail, rendering the claim or signature-based access functions inoperable.

  • The trust model relying on signed messages for secure, gas-efficient off-chain authorization becomes unusable.


Recommended Mitigation

- bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)");
+ bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)");

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.