SNARKeling Treasure Hunt
First Flight #59
Beginner FriendlyGameFiFoundry
100 EXP
View all submissions
Previous Next
Submission Details
Impact: medium
Likelihood: high

Repeated hash of treasure

Author Revealed upon completion

One of the allowed treausure hashes is repeated leading to fewer winners than expected

Description

  • The 'main.nr' file has an array of allowed pedersen hashes that contains hashes of allowed treasures labelled 'ALLOWED_TREASURE_HASHES' which it uses to check if the given treasure corresponds to a valid treasure

  • The issue is that the second last and last hashes in the 'ALLOWED_TREASURE_HASHES' array are the exact same.This reduces the allowed treasures from 10 to 9, and therefore a winner would not be included.

// Baked-in set of 10 allowed treasure hashes (pedersen hashes).
global ALLOWED_TREASURE_HASHES: [Field; 10] = [
1505662313093145631275418581390771847921541863527840230091007112166041775502,
-7876059170207639417138377068663245559360606207000570753582208706879316183353,
-5602859741022561807370900516277986970516538128871954257532197637239594541050,
2256689276847399345359792277406644462014723416398290212952821205940959307205,
10311210168613568792124008431580767227982446451742366771285792060556636004770,
-5697637861416433807484703347699404695743570043365849280798663758395067508,
-2009295789879562882359281321158573810642695913475210803991480097462832104806,
8931814952839857299896840311953754931787080333405300398787637512717059406908,
@> -961435057317293580094826482786572873533235701183329831124091847635547871092,
@> -961435057317293580094826482786572873533235701183329831124091847635547871092
//the last 2 hashes are the exact same
];

Risk

Likelihood:

  • When a user(the ninth valid participant) finds the treasure that corresponds to the last two pedersen hashes, their treasure will be accepted and the next participant would not be able to to be allowed due to only 9 instead of the expected 10.

Impact:

  • This goes against a certain rule implied by the code that there are ten valid treasures and reduces them to nine.

Proof of Concept

This PoC flow suggests that the contest can only have nine winners instead of the expected ten

1.The first eight valid treasures are found and they correspond to their individual hashes which check out
2.The ninth valid treasure is found and submitted, the protocol expects one more user to find the last treasure but there is none due to only 9 valid hashes
3. Only 9 winners instead of the 10 due to error in protocol code

Recommended Mitigation

The mitigation would be to find a new hash to correspond the the actual tenth treasure

// Baked-in set of 10 allowed treasure hashes (pedersen hashes).
global ALLOWED_TREASURE_HASHES: [Field; 10] = [
1505662313093145631275418581390771847921541863527840230091007112166041775502,
-7876059170207639417138377068663245559360606207000570753582208706879316183353,
-5602859741022561807370900516277986970516538128871954257532197637239594541050,
2256689276847399345359792277406644462014723416398290212952821205940959307205,
10311210168613568792124008431580767227982446451742366771285792060556636004770,
-5697637861416433807484703347699404695743570043365849280798663758395067508,
-2009295789879562882359281321158573810642695913475210803991480097462832104806,
8931814952839857299896840311953754931787080333405300398787637512717059406908,
-961435057317293580094826482786572873533235701183329831124091847635547871092,
- -961435057317293580094826482786572873533235701183329831124091847635547871092
+ some other valid hash
];

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!