Snowman Merkle Airdrop
AI First Flight #10
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Previous Next
Submission Details
Severity: high
Valid

EIP-712 MESSAGE_TYPEHASH contains typo "addres" instead of "address", permanently breaking all signature-based claims

brizybryan

Root + Impact

Description

  • The Snowman Airdrop allows recipients to have someone else claim on their behalf using EIP-712 signatures. The contract hashes a SnowmanClaim struct using MESSAGE_TYPEHASH to produce the digest that the signer must sign.

    The MESSAGE_TYPEHASH on line 49 contains a typo — "addres" instead of "address" — which produces a completely different keccak256 hash than what any standards-compliant wallet or off-chain signer would compute. This means every signature verification via _isValidSignature will fail, as the digest the user signs off-chain will never match the digest computed on-chain.

// Root cause in SnowmanAirdrop.sol line 49
bytes32 private constant MESSAGE_TYPEHASH =
keccak256("SnowmanClaim(addres receiver, uint256 amount)");
// @> "addres" is missing the trailing 's'
// @> Should be "address"

Risk

Likelihood:

  • This occurs on every single call to claimSnowman where signatures are produced using standard EIP-712 tooling (ethers.js, MetaMask, etc.), which is the only expected signing path.

  • The typo is baked into a constant, so it cannot be fixed post-deployment. Every deployment of this contract is permanently broken.

Impact:

  • All delegated claims (where someone claims on behalf of a recipient) will always revert with SA__InvalidSignature().

  • The core airdrop functionality — claiming Snowman NFTs via signed messages — is completely non-functional.

Proof of Concept

The test below demonstrates that the typo produces a fundamentally different typehash than the correct EIP-712 specification. Because keccak256 is a cryptographic hash, even a single missing character ("addres" vs "address") produces an entirely unrelated digest. This means any wallet signing with the correct type string "address" will produce a signature that the contract rejects, since the contract internally uses the wrong hash.

function testH01_TypehashTypoBreaksSignatures() public {
// The contract uses this (wrong) typehash:
bytes32 wrongTypehash = keccak256("SnowmanClaim(addres receiver, uint256 amount)");
// Any standard EIP-712 implementation would use:
bytes32 correctTypehash = keccak256("SnowmanClaim(address receiver, uint256 amount)");
// These are completely different hashes
assert(wrongTypehash != correctTypehash);
// This means digests computed on-chain vs off-chain will NEVER match,
// causing _isValidSignature to always return false.
}

Recommended Mitigation

Fix the typo by adding the missing s to "addres" so it reads "address". This ensures the on-chain typehash matches what standard EIP-712 wallets and libraries produce, restoring signature compatibility.

- bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)");
+ bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)");
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 4 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-02] Unconsistent `MESSAGE_TYPEHASH` with standart EIP-712 declaration on contract `SnowmanAirdrop`

# Root + Impact ## Description * Little typo on `MESSAGE_TYPEHASH` Declaration on `SnowmanAirdrop` contract ```Solidity // src/SnowmanAirdrop.sol 49: bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); ``` **Impact**: * `function claimSnowman` never be `TRUE` condition ## Proof of Concept Applying this function at the end of /test/TestSnowmanAirdrop.t.sol to know what the correct and wrong digest output HASH. Ran with command: `forge test --match-test testFrontendSignatureVerification -vvvv` ```Solidity function testFrontendSignatureVerification() public { // Setup Alice for the test vm.startPrank(alice); snow.approve(address(airdrop), 1); vm.stopPrank(); // Simulate frontend using the correct format bytes32 FRONTEND_MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); // Domain separator used by frontend (per EIP-712) bytes32 DOMAIN_SEPARATOR = keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256("Snowman Airdrop"), keccak256("1"), block.chainid, address(airdrop) ) ); // Get Alice's token amount uint256 amount = snow.balanceOf(alice); // Frontend creates hash using the correct format bytes32 structHash = keccak256( abi.encode( FRONTEND_MESSAGE_TYPEHASH, alice, amount ) ); // Frontend creates the final digest (per EIP-712) bytes32 frontendDigest = keccak256( abi.encodePacked( "\x19\x01", DOMAIN_SEPARATOR, structHash ) ); // Alice signs the digest created by the frontend (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, frontendDigest); // Digest created by the contract (with typo) bytes32 contractDigest = airdrop.getMessageHash(alice); // Display both digests for comparison console2.log("Frontend Digest (correct format):"); console2.logBytes32(frontendDigest); console2.log("Contract Digest (with typo):"); console2.logBytes32(contractDigest); // Compare the digests - they should differ due to the typo assertFalse( frontendDigest == contractDigest, "Digests should differ due to typo in MESSAGE_TYPEHASH" ); // Attempt to claim with the signature - should fail vm.prank(satoshi); vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assertEq(nft.balanceOf(alice), 0); } ``` ## Recommended Mitigation on contract `SnowmanAirdrop` Line 49 applying this: ```diff - bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); + bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!