SNARKeling Treasure Hunt

First Flight #59
Beginner Friendly, GameFi, Foundry
100 EXP
Submission Details
Impact: low
Likelihood: medium

Wrong Event Emission

Author Revealed upon completion

Faulty event emission in the 'claim' function causes wrong information to be logged

Description

  • The 'claim' function is used by the recipient to claim their reward using the zk proof and the treasure hash.

  • At the end of the function, however, the event is emitted with wrong information.

@> emit Claimed(treasureHash, msg.sender);

Risk

Likelihood:

  • The payment goes out to the 'recipient' but it will be shown as going to msg.sender by off-chain indexers and explorers.


Impact:

  • The wrong address will be displayed as the beneficiary in the emitted event log.

  • Anyone can submit valid ZK proofs on behalf of different callers and misdirect who "appeared" to have found the treasure in the event logs.

  • Misleading leaderboards or statistics


Proof of Concept

This PoC test shows how one participant calling the 'claim' function can lead to misleading data being logged due to the bug in the event emission code.

// PoC: Caller delegation with misleading event
function testEventMismatch() public {
    address alice = address(0xAAAA);
    address bob = address(0xBBBB);
    bytes32 treasureHash = keccak256("treasure1");
    // getProof is the test suite's proof helper (not shown here).
    // A value returned from a function lives in memory, not calldata.
    bytes memory validProofForAlice = getProof(alice, treasureHash);
    // Bob calls claim() with Alice's proof and Alice as recipient
    vm.prank(bob);
    treasureHunt.claim(validProofForAlice, treasureHash, payable(alice));
    // Events logged:
    //   emit Claimed(treasureHash, bob);
    // Should be:
    //   emit Claimed(treasureHash, alice);
}
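
A self-contained regression test for this event, added here as an example; it is not code from the contest repository or from the submission. `ClaimStub` is a hypothetical stand-in that skips proof verification and pays a fixed 1 ether, and the `indexed` event parameters are an assumption about the event's declaration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the audited contract: proof verification is
// omitted and the reward is fixed, so only the payout/event logic is modelled.
contract ClaimStub {
    // Assumed declaration; the real event's indexed layout is not on the page.
    event Claimed(bytes32 indexed treasureHash, address indexed recipient);

    mapping(bytes32 => bool) public claimed;

    function claim(bytes calldata, bytes32 treasureHash, address payable recipient) external {
        require(!claimed[treasureHash], "already claimed");
        claimed[treasureHash] = true;
        (bool ok,) = recipient.call{value: 1 ether}("");
        require(ok, "transfer failed");
        // Fixed form. Emitting msg.sender here makes the test below fail.
        emit Claimed(treasureHash, recipient);
    }
}

contract ClaimEventTest is Test {
    event Claimed(bytes32 indexed treasureHash, address indexed recipient);

    ClaimStub internal hunt;

    function setUp() public {
        hunt = new ClaimStub();
        vm.deal(address(hunt), 1 ether); // fund the reward
    }

    function testClaimedEventNamesPayee() public {
        address payable alice = payable(address(0xAAAA));
        address bob = address(0xBBBB);
        bytes32 treasureHash = keccak256("treasure1");

        // The next call must emit exactly this log from `hunt`.
        vm.expectEmit(true, true, false, true, address(hunt));
        emit Claimed(treasureHash, alice);

        vm.prank(bob); // caller deliberately differs from the payee
        hunt.claim("", treasureHash, alice);

        assertEq(alice.balance, 1 ether); // funds and log agree on the payee
    }
}
```

The test only has value when caller and recipient differ; with `msg.sender == recipient` both the buggy and the fixed emission pass.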

Recommended Mitigation

The mitigation is not complicated: change the address logged in the event to the correct one, which is the 'recipient', not 'msg.sender'.

- emit Claimed(treasureHash, msg.sender);
+ emit Claimed(treasureHash, recipient);
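
Review bot: On the '+' line, swapping 'msg.sender' for 'recipient' means the log no longer records who submitted the claim at all; if off-chain consumers need both the caller and the payee, emit the caller as an additional event field rather than letting one address stand for both. The change also comes without a test that asserts the emitted address, so add an event assertion that runs with caller and recipient set to different addresses, otherwise a regression back to 'msg.sender' would go unnoticed.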
