Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Typo in EIP-712 `MESSAGE_TYPEHASH` Permanently Breaks All Delegation Claims

bugnetter

Description

EIP-712 requires the struct type string to exactly match the Solidity types used. Wallets and signing libraries (ethers.js, viem, web3.py) all use canonical type names when computing the EIP-712 digest. The contract's getMessageHash() encodes the struct hash using MESSAGE_TYPEHASH, and _isValidSignature() calls ECDSA.recover on this digest.
The MESSAGE_TYPEHASH constant on line 49 of SnowmanAirdrop.sol spells "addres" with one 's' instead of "address". Because keccak256 is collision-resistant, the contract computes a different EIP-712 digest than any standard wallet. Every delegation-path claimSnowman call reverts with SA__InvalidSignature.

// SnowmanAirdrop.sol — line 49

bytes32 private constant MESSAGE_TYPEHASH =

keccak256("SnowmanClaim(addres receiver, uint256 amount)");

// @> "addres" — missing second 's'

// Correct: "SnowmanClaim(address receiver, uint256 amount)"

Risk

Likelihood:

The bug is baked into a compile-time constant — it is present from deployment with no preconditions
No wallet, SDK, or signing library will produce the typo variant, since they all resolve Solidity type names by their canonical spelling

Impact:

100% of delegation-path claims permanently fail — the delegation feature of SnowmanAirdrop is non-functional at deployment
Users who rely on a third party to submit their claim on their behalf cannot receive their Snowman NFTs through this path

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test, console} from "forge-std/Test.sol";

import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";

import {Snowman} from "../src/Snowman.sol";

import {Snow} from "../src/Snow.sol";

contract MockWETH {

mapping(address => uint256) public balanceOf;

function transferFrom(address, address, uint256) external returns (bool) { return true; }

function transfer(address, uint256) external returns (bool) { return true; }

}

contract PocCR001_FINAL is Test {

SnowmanAirdrop airdrop;

Snowman snowman;

Snow snow;

function setUp() public {

MockWETH weth = new MockWETH();

snow = new Snow(address(weth), 1, address(this));

snowman = new Snowman("svg");

airdrop = new SnowmanAirdrop(bytes32(0), address(snow), address(snowman));

}

function test_Baseline_FINAL() public view {

bytes32 typoHash = keccak256("SnowmanClaim(addres receiver, uint256 amount)");

bytes32 correctHash = keccak256("SnowmanClaim(address receiver, uint256 amount)");

assertTrue(typoHash != correctHash, "Hashes must differ");

console.log("Typo hash:");

console.logBytes32(typoHash);

console.log("Correct hash:");

console.logBytes32(correctHash);

}

function test_VulnerabilityDemo_FINAL() public {

address user;

uint256 userPk;

(user, userPk) = makeAddrAndKey("claimUser");

vm.prank(user);

snow.earnSnow();

uint256 amount = snow.balanceOf(user);

bytes32 correctTypehash = keccak256("SnowmanClaim(address receiver, uint256 amount)");

bytes32 structHash = keccak256(abi.encode(correctTypehash, user, amount));

bytes32 domainSeparator = keccak256(

abi.encode(

keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),

keccak256("Snowman Airdrop"),

keccak256("1"),

block.chainid,

address(airdrop)

)

);

bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHash));

(uint8 v, bytes32 r, bytes32 s) = vm.sign(userPk, digest);

bytes32 contractDigest = airdrop.getMessageHash(user);

assertTrue(digest != contractDigest, "Digests differ due to typo");

bytes32[] memory proof = new bytes32[](0);

vm.prank(user);

snow.approve(address(airdrop), amount);

vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector);

airdrop.claimSnowman(user, proof, v, r, s);

}

Recommended Mitigation

- bytes32 private constant MESSAGE_TYPEHASH =

- keccak256("SnowmanClaim(addres receiver, uint256 amount)");

+ bytes32 private constant MESSAGE_TYPEHASH =

+ keccak256("SnowmanClaim(address receiver, uint256 amount)");

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 1 hour ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Unconsistent `MESSAGE_TYPEHASH` with standart EIP-712 declaration on contract `SnowmanAirdrop`

# Root + Impact ## Description * Little typo on `MESSAGE_TYPEHASH` Declaration on `SnowmanAirdrop` contract ```Solidity // src/SnowmanAirdrop.sol 49: bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); ``` **Impact**: * `function claimSnowman` never be `TRUE` condition ## Proof of Concept Applying this function at the end of /test/TestSnowmanAirdrop.t.sol to know what the correct and wrong digest output HASH. Ran with command: `forge test --match-test testFrontendSignatureVerification -vvvv` ```Solidity function testFrontendSignatureVerification() public { // Setup Alice for the test vm.startPrank(alice); snow.approve(address(airdrop), 1); vm.stopPrank(); // Simulate frontend using the correct format bytes32 FRONTEND_MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); // Domain separator used by frontend (per EIP-712) bytes32 DOMAIN_SEPARATOR = keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256("Snowman Airdrop"), keccak256("1"), block.chainid, address(airdrop) ) ); // Get Alice's token amount uint256 amount = snow.balanceOf(alice); // Frontend creates hash using the correct format bytes32 structHash = keccak256( abi.encode( FRONTEND_MESSAGE_TYPEHASH, alice, amount ) ); // Frontend creates the final digest (per EIP-712) bytes32 frontendDigest = keccak256( abi.encodePacked( "\x19\x01", DOMAIN_SEPARATOR, structHash ) ); // Alice signs the digest created by the frontend (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, frontendDigest); // Digest created by the contract (with typo) bytes32 contractDigest = airdrop.getMessageHash(alice); // Display both digests for comparison console2.log("Frontend Digest (correct format):"); console2.logBytes32(frontendDigest); console2.log("Contract Digest (with typo):"); console2.logBytes32(contractDigest); // Compare the digests - they should differ due to the typo assertFalse( frontendDigest == contractDigest, "Digests should differ due to typo in MESSAGE_TYPEHASH" ); // Attempt to claim with the signature - should fail vm.prank(satoshi); vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assertEq(nft.balanceOf(alice), 0); } ``` ## Recommended Mitigation on contract `SnowmanAirdrop` Line 49 applying this: ```diff - bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); + bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!