The `claimSnowman` function relies on an EIP-712 signature to verify that the receiver is authorized to claim their Snowman NFTs. The signature hash is constructed using a `MESSAGE_TYPEHASH` constant intended to represent the typed data struct `SnowmanClaim(address receiver, uint256 amount)`.
However, the declared `MESSAGE_TYPEHASH` uses a malformed type string with a typo (`addres` instead of `address`). The resulting signature hash is therefore invalid unless the signer takes the typo into account, and a message signed over the correctly spelled type string will never verify.
Likelihood:
Weak, because it is more likely that the receiver will use information from the contracts, e.g. by calling the `getMessageHash` function.
Impact:
Invalid signature if the receiver does not take the typo into account in their signature.
No PoC
A typo in the `MESSAGE_TYPEHASH` variable of the `SnowmanAirdrop` contract will prevent signature verification for claims. It uses `addres` instead of `address`.