Submission Details
Impact:
Likelihood:
Repeated value in `ALLOWED_TREASURE_HASHES` makes the intended 10 treasures unreachable
Author Revealed upon completion
Root + Impact
Description
The last value in ALLOWED_TREASURE_HASHES array in main.nr is repeated which makes the total claimable value to be nine instead of the intended 10.
global ALLOWED_TREASURE_HASHES: [Field; 10] = [
1505662313093145631275418581390771847921541863527840230091007112166041775502,
-7876059170207639417138377068663245559360606207000570753582208706879316183353,
-5602859741022561807370900516277986970516538128871954257532197637239594541050,
2256689276847399345359792277406644462014723416398290212952821205940959307205,
10311210168613568792124008431580767227982446451742366771285792060556636004770,
-5697637861416433807484703347699404695743570043365849280798663758395067508,
-2009295789879562882359281321158573810642695913475210803991480097462832104806,
8931814952839857299896840311953754931787080333405300398787637512717059406908,
-961435057317293580094826482786572873533235701183329831124091847635547871092,
-961435057317293580094826482786572873533235701183329831124091847635547871092
];
https://github.com/CodeHawks-Contests/2026-04-snarkeling/blob/f563199227dd06c21e94c228b4460d81a6d0eed4/circuits/src/main.nr#L55-#L65
Risk
Likelihood:
High
Impact:
Only nine treasures will be claimable. Yet the intended are 10
Proof of Concept
Nil
Recommended Mitigation
Consider adding the intended value, and remove the duplicate.
Rewards breakdown
nSLOC
220This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.