SNARKeling Treasure Hunt

First Flight #59

Beginner FriendlyGameFiFoundry

100 EXP

View all submissions

Previous Next

Submission Details

Impact: high

Likelihood: high

Duplicate Hash in ALLOWED_TREASURE_HASHES (Circuit Bug)

Author Revealed upon completion

Root + Impact

Description

The ALLOWED_TREASURE_HASHES array contains a duplicate entry. Indices 8 and 9 both have the same hash value:

// @>ALLOWED_TREASURE_HASHES in main.nr:

-961435057317293580748470334769940469574357001183329831124091847635547871092, // index 8

-961435057317293580094826482786572873533235701183329831124091847635547871092 // index 9

Risk

Likelihood:

Reason 1: Probability: 10% (=1/10), assume each treasure to be equally uncovered.

Impact:

Impact 1: As long as either Treasure@index8 or Treasure@index9 is successfully discovered, the other one cannot be claimed since they point to the same Treasure.

Proof of Concept

When a game starts, a participant discovers the Treasure@index9 and claims the reword. Any participant cannot claim the reward for Treasure@index8 as they point to the same Treasure.

Game start ...

ParticipantA discovers Treasure @index9 and submits a ZK proof to claim a treasure reward for a its recipient address;

ParticipantA's submission is proved and the reward is taken.

ParaticipantB discovers Treasure @index8 and submits a ZK proof to claim a treasure reward with a its recipient address.

The claim failed since Treasure @index8 points to an already claimed Treasure @index9.

Recommended Mitigation

To remove one of the duplicate hash in main.nrand add a new valid hash pointing to a unique Treasure.

//file: main.nr

global ALLOWED_TREASURE_HASHES: [Field; 10] = [

1505662313093145631275418581390771847921541863527840230091007112166041775502,

-7876059170207639417138377068663245559360606207000570753582208706879316183353,

-5602859741022561807370900516277986970516538128871954257532197637239594541050,

2256689276847399345359792277406644462014723416398290212952821205940959307205,

10311210168613568792124008431580767227982446451742366771285792060556636004770,

-5697637861416433807484703347699404695743570043365849280798663758395067508,

-2009295789879562882359281321158573810642695913475210803991480097462832104806,

8931814952839857299896840311953754931787080333405300398787637512717059406908,

- -961435057317293580094826482786572873533235701183329831124091847635547871092,

+ (a valid hash pointing to a unique Treasure)

-961435057317293580094826482786572873533235701183329831124091847635547871092

];

Rewards breakdown

nSLOC

220

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!