MESSAGE_TYPEHASH - Typo in EIP-712 Type Hash Declaration in SnowmanAirdrop.sol
Root + Impact
Root: The MESSAGE_TYPEHASH constant contains a typo in the type signature string: "SnowmanClaim(addres receiver, uint256 amount)" with "addres" instead of "address".
Impact: The incorrect type hash will cause all EIP-712 signature validations to fail, making the entire airdrop mechanism non-functional as no valid signatures can be generated or verified.
Description
Normal Behavior: EIP-712 type hash strings must exactly match the struct definition for signature validation to work correctly.
Specific Issue: The typo "addres" instead of "address" creates a hash that doesn't match what wallets and signing libraries generate when creating signatures for the correct
SnowmanClaimstruct, causing all signature verifications to fail.
Risk
Likelihood: High
Every signature validation will fail due to the incorrect type hash
The error affects 100% of claim attempts, making it immediately noticeable
Users cannot successfully claim any NFTs through the intended mechanism
Impact: High
Complete Airdrop Failure: No users can claim NFTs as all signatures will be invalid
Broken EIP-712 Implementation: Signature validation mechanism is completely non-functional
Contract Redeployment Required: The immutable constant cannot be fixed without redeploying the entire contract
Proof of Concept
The below code shows proof of the typo
Recommended Mitigation
Fix the typo in the EIP-712 type hash declaration to enable proper signature validation.
Lead Judging Commences
Inconsistent MESSAGE_TYPEHASH with standard EIP-712 declaration
A typo in the `MESSAGE_TYPEHASH` variable of the `SnowmanAirdrop` contract will prevent signature verification claims. Used `addres` instead of `address`
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.