SNARKeling Treasure Hunt
First Flight #59
Beginner FriendlyGameFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

L-02 Duplicate Allowed-Hash Entry Reduces Circuit Uniqueness

dechn

Description

The Noir circuit defines ALLOWED_TREASURE_HASHES as an array of 10 elements, but the final two entries are identical. As a result, the circuit contains only 9 unique allowed treasure hashes.

This weakens the clarity of the intended treasure inventory and creates ambiguity between “10 slots” and “10 unique treasures.”

Risk

This issue does not by itself demonstrate a direct exploit, but it creates correctness and maintenance risk:

  • reviewers may incorrectly assume there are 10 unique treasure hashes

  • operators may misunderstand the actual treasure inventory

  • future changes become riskier because the source does not clearly express the intended unique set

Proof of Concept

The duplicated entries are visible directly in the circuit:

global ALLOWED_TREASURE_HASHES: [Field; 10] = [
...,
-961435057317293580094826482786572873533235701183329831124091847635547871092,
-961435057317293580094826482786572873533235701183329831124091847635547871092
];

Because is_allowed() only checks whether a hash appears anywhere in the list, the duplicate final entry does not add a new claimable treasure. It only repeats an already-allowed value.

Recommended Mitigation

Replace the duplicate entry with the intended unique treasure hash and regenerate any dependent artifacts.

diff --git a/circuits/src/main.nr b/circuits/src/main.nr
--- a/circuits/src/main.nr
+++ b/circuits/src/main.nr
@@ -61,6 +61,6 @@ global ALLOWED_TREASURE_HASHES: [Field; 10] = [
-5697637861416433807484703347699404695743570043365849280798663758395067508,
-2009295789879562882359281321158573810642695913475210803991480097462832104806,
8931814952839857299896840311953754931787080333405300398787637512717059406908,
- -961435057317293580094826482786572873533235701183329831124091847635547871092,
+ -4417726114039171734934559783368726413190541565291523767661452385022043124552,
-961435057317293580094826482786572873533235701183329831124091847635547871092
];
Updates

Lead Judging Commences

s3mvl4d Lead Judge 18 days ago
Submission Judgement Published
Validated
Assigned finding tags:

unclaimable treasure / bricked withdraw path

The issue stems from a mismatch between the circuit and the contract’s economic assumptions: the Solidity contract is configured for `MAX_TREASURES = 10` and only allows the owner to call `withdraw()` once `claimsCount >= MAX_TREASURES`, while the Noir circuit’s baked-in `ALLOWED_TREASURE_HASHES` array does not actually contain ten distinct treasures because one hash is duplicated and another expected hash is missing. As a result, under the intended one-claim-per-treasure design described in the README, there are only nine uniquely claimable treasures even though the system is funded and accounted as if ten rewards can be legitimately redeemed. That creates two linked consequences from the same root cause: first, one treasure is effectively unclaimable because no valid proof can ever be generated for the missing allowed hash, and second, the normal “hunt over” withdrawal path becomes bricked because honest participants can never reach ten legitimate unique claims, leaving the post-hunt fund recovery logic via `withdraw` function permanently unreachable. The owner can still intervene through the emergency path.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!