[H-1]: Incorrect MESSAGE_TYPEHASH Definition
Root + Impact
Description
Normal Behavior:
The SnowmanAirdrop contract uses EIP-712 signatures to validate a user's claim before allowing them to mint a Snowman NFT. This involves hashing a struct and verifying the signer's signature using EIP-712 domain seperator and ECDSA.
Specific Issue:
The contract incorrectly defines the MESSAGE_TYPEHASH for the SnowClaim struct as:
The word addres is a messpelling of address, which leads to a hash mismatch when generating EIP-712 signatures. As a result, all signatures will be invalid, and no user will be able to successfully claim their Snoman NFTs.
Risk
Likelihood:
-
This error will occur every time a user tries to claim using a correctly signed message based on the real
SnowmanClaim(address receiver, uint256 amount)struct. -
Developers or end users signing messages off-chain using the correct sturct definition will always fail to verify on-chain.
Impact:
-
Sinature verification fails on all claims, effectively disabling the airdrop.
-
Users will waste gas on failed claim attempts, leading to poor UX and trust issues.
Proof of Concept
Here is the PoC demonstrating the issue given below:
Note: make getter function in the SnowmanAirdrop to get the MESSAGE_TYPEHASH or just copy paste the following in the AirdropContract
Copy the given PoC code to the TestSnowmanAirdrop.t.sol:
Recommended Mitigation
After this fix, Signatures generated off-chain with the correct struct type will match the digest produced on-chain, allowing valid claims to succeed.
Lead Judging Commences
Inconsistent MESSAGE_TYPEHASH with standard EIP-712 declaration
A typo in the `MESSAGE_TYPEHASH` variable of the `SnowmanAirdrop` contract will prevent signature verification claims. Used `addres` instead of `address`
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.