(HIGH) Duplicate hash in `ALLOWED_TREASURE_HASHES` makes one treasure permanently unclaimable and leaves an inventory mismatch between the circuit and the deploy script.
Location: circuits/src/main.nr:55-66 (duplicate at lines 64-65); circuits/src/tests.nr:30
Description
The Noir circuit bakes in 10 allowed Pedersen hashes in circuits/src/main.nr. Indexes 8 and 9 are identical:
But circuits/Prover.toml.example and contracts/scripts/Deploy.s.sol both say the correct hash at index 8 should be:
Treasure #9 (whose hash is -4417726...) is therefore not in the allowed set of the circuit. Anyone who physically finds treasure #9 cannot generate a valid proof and cannot claim the reward. The workaround is visible in circuits/src/tests.nr:30, where the test author uses treasure 10 twice and skips 9 entirely:
Risk
Likelihood: High any time a finder of treasure #9 tries to claim, the circuit rejects their proof.
Impact: Medium. One physical treasure is bricked; the ETH allocated to treasure #9 is stranded. The circuit still reaches MAX_TREASURES = 10 because treasure #10's hash matches both the duplicate entries
Proof of Concept
The simplest way to show the bug is to try to generate a proof for treasure #9 using its real hash (-4417726...). The circuit's is_allowed check fails:
Run:
The test body is marked should_fail because main() will assert-fail at assert(is_allowed(treasure_hash)) proving that treasure #9's real hash is not in the circuit's allowed set.
Recommended Mitigation
Replace the duplicate at index 8 with the correct hash and regenerate the verifier via ./build.sh. Restore the test to enumerate all 10 unique treasures.
Lead Judging Commences
unclaimable treasure / bricked withdraw path
The issue stems from a mismatch between the circuit and the contract’s economic assumptions: the Solidity contract is configured for `MAX_TREASURES = 10` and only allows the owner to call `withdraw()` once `claimsCount >= MAX_TREASURES`, while the Noir circuit’s baked-in `ALLOWED_TREASURE_HASHES` array does not actually contain ten distinct treasures because one hash is duplicated and another expected hash is missing. As a result, under the intended one-claim-per-treasure design described in the README, there are only nine uniquely claimable treasures even though the system is funded and accounted as if ten rewards can be legitimately redeemed. That creates two linked consequences from the same root cause: first, one treasure is effectively unclaimable because no valid proof can ever be generated for the missing allowed hash, and second, the normal “hunt over” withdrawal path becomes bricked because honest participants can never reach ten legitimate unique claims, leaving the post-hunt fund recovery logic via `withdraw` function permanently unreachable. The owner can still intervene through the emergency path.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.