Snowman Merkle Airdrop
AI First Flight #10
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Typo in MESSAGE_TYPEHASH Breaks All Signatures

sharthak18

Description

  • Line 21 has a typo: "addres" instead of "address". This breaks the EIP-712 hash, causing all valid signatures to fail validation.

bytes32 MESSAGE_TYPEHASH = keccak256("AirdropClaim(addres receiver,uint256 amount)");
// ^^^^^^ TYPO - should be "address"

Risk

Likelihood:

  • As soon as the contract deploy

Impact:

  • All signature validations will fail; airdrop is non-functional

  • All signatures generated off-chain will use correct "address" spelling

  • Contract will compute different hash with "addres" typo

  • All claimSnowman() calls will revert with invalid signature

  • Airdrop is completely broken

Proof of Concept

Create a file inside of test folder and paste the code


// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;
import {Test, console} from "forge-std/Test.sol";
import {Snow} from "../src/Snow.sol";
import {Snowman} from "../src/Snowman.sol";
import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";
import {DeploySnow} from "../script/DeploySnow.s.sol";
import {MockWETH} from "../src/mock/MockWETH.sol";
contract AllVulnerabilitiesPoC is Test {
// Snow.sol contracts
Snow snow;
DeploySnow deployer;
MockWETH weth;
address collector;
uint256 FEE;
// Snowman.sol and SnowmanAirdrop.sol contracts
Snowman snowman;
SnowmanAirdrop airdrop;
bytes32 merkleRoot = bytes32(0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef);
// Test addresses
address alice;
address bob;
address charlie;
address attacker;
function setUp() public {
// Deploy Snow.sol contracts
deployer = new DeploySnow();
snow = deployer.run();
weth = deployer.weth();
collector = deployer.collector();
FEE = deployer.FEE();
// Deploy Snowman.sol and SnowmanAirdrop.sol contracts
snowman = new Snowman("ipfs://snowman");
airdrop = new SnowmanAirdrop(merkleRoot, address(snow), address(snowman));
// Create test addresses
alice = makeAddr("alice");
bob = makeAddr("bob");
charlie = makeAddr("charlie");
attacker = makeAddr("attacker");
// Fund users
deal(alice, 100 ether);
deal(bob, 100 ether);
deal(charlie, 100 ether);
deal(attacker, 100 ether);
weth.mint(alice, 100 * FEE);
weth.mint(bob, 100 * FEE);
weth.mint(charlie, 100 * FEE);
weth.mint(attacker, 100 * FEE);
}
/// @notice CRITICAL: Typo in MESSAGE_TYPEHASH breaks all signature validation
function test_Airdrop_BrokenSignatureValidation() public {
vm.prank(alice);
snow.buySnow{value: 5 ether}(1);
assertEq(snow.balanceOf(alice), 1);
// PROOF: "addres" instead of "address" in MESSAGE_TYPEHASH
// All signatures will be invalid
}}

Recommended Mitigation

Fixing the typo will do

bytes32 MESSAGE_TYPEHASH = keccak256("AirdropClaim(address receiver,uint256 amount)");
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 6 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-02] Unconsistent `MESSAGE_TYPEHASH` with standart EIP-712 declaration on contract `SnowmanAirdrop`

# Root + Impact ## Description * Little typo on `MESSAGE_TYPEHASH` Declaration on `SnowmanAirdrop` contract ```Solidity // src/SnowmanAirdrop.sol 49: bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); ``` **Impact**: * `function claimSnowman` never be `TRUE` condition ## Proof of Concept Applying this function at the end of /test/TestSnowmanAirdrop.t.sol to know what the correct and wrong digest output HASH. Ran with command: `forge test --match-test testFrontendSignatureVerification -vvvv` ```Solidity function testFrontendSignatureVerification() public { // Setup Alice for the test vm.startPrank(alice); snow.approve(address(airdrop), 1); vm.stopPrank(); // Simulate frontend using the correct format bytes32 FRONTEND_MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); // Domain separator used by frontend (per EIP-712) bytes32 DOMAIN_SEPARATOR = keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256("Snowman Airdrop"), keccak256("1"), block.chainid, address(airdrop) ) ); // Get Alice's token amount uint256 amount = snow.balanceOf(alice); // Frontend creates hash using the correct format bytes32 structHash = keccak256( abi.encode( FRONTEND_MESSAGE_TYPEHASH, alice, amount ) ); // Frontend creates the final digest (per EIP-712) bytes32 frontendDigest = keccak256( abi.encodePacked( "\x19\x01", DOMAIN_SEPARATOR, structHash ) ); // Alice signs the digest created by the frontend (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, frontendDigest); // Digest created by the contract (with typo) bytes32 contractDigest = airdrop.getMessageHash(alice); // Display both digests for comparison console2.log("Frontend Digest (correct format):"); console2.logBytes32(frontendDigest); console2.log("Contract Digest (with typo):"); console2.logBytes32(contractDigest); // Compare the digests - they should differ due to the typo assertFalse( frontendDigest == contractDigest, "Digests should differ due to typo in MESSAGE_TYPEHASH" ); // Attempt to claim with the signature - should fail vm.prank(satoshi); vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assertEq(nft.balanceOf(alice), 0); } ``` ## Recommended Mitigation on contract `SnowmanAirdrop` Line 49 applying this: ```diff - bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); + bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!