SNARKeling Treasure Hunt

First Flight #59
Beginner FriendlyGameFiFoundry
100 EXP
Submission Details
Impact: low
Likelihood: high

Incorrect Event Emission

Author Revealed upon completion

Root + Impact

Description

Events are the primary way off-chain systems keep track of contract state changes. The Claimed event is intended to signal who successfully found a treasure and received the reward.

In the current implementation, the code transfers REWARD to the recipient, but logs the msg.sender. If a user uses a "relayer" or a secondary wallet to pay for gas while sending the funds to their hardware wallet (recipient), the public record will incorrectly show the gas-paying wallet as the winner.

// Root cause in the codebase
function claim(bytes calldata proof, bytes32 treasureHash, address payable recipient) external nonReentrant() {
// ... logic ...
(bool sent, ) = recipient.call{value: REWARD}("");
require(sent, "ETH_TRANSFER_FAILED");
@> emit Claimed(treasureHash, msg.sender); // Should be recipient
}

Risk

Likelihood: High

  • The code is hardcoded to log the wrong address.

Impact: Low

  • It does not result in a loss of funds (the money still goes to the right place), but it corrupts the "source of truth" for the hunt's history and creates confusion for users.

Proof of Concept

Recommended Mitigation

Update the event to emit the address that actually received the reward.

- emit Claimed(treasureHash, msg.sender);
+ emit Claimed(treasureHash, recipient);

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!