Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Typo in MESSAGE_TYPEHASH Causes Complete Signature Verification Failure

chefjay

Typo in MESSAGE_TYPEHASH Causes Complete Signature Verification Failure

Description

The MESSAGE_TYPEHASH contains a typo: "addres" instead of "address". This causes all signature verifications to fail because the hash won't match what users sign.

@> bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)");

// ^^^^^^^ TYPO!

Risk

Likelihood:

The issue is a constant until changed

Impact:

NO USER CAN EVER CLAIM AIRDROPS - All signature verifications will fail
The entire airdrop mechanism is non-functional
Protocol is completely broken

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test, console2} from "forge-std/Test.sol";

import {Snow} from "../src/Snow.sol";

import {Snowman} from "../src/Snowman.sol";

import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";

import {MockWETH} from "../src/mock/MockWETH.sol";

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/**

* @title Snowman Audit Tests

* @notice Comprehensive tests proving each vulnerability found in the audit

* @dev Run with: forge test --match-contract SnowmanAuditTests -vvvv

contract SnowmanAuditTests is Test {

Snow public snow;

Snowman public snowman;

SnowmanAirdrop public airdrop;

MockWETH public weth;

address public owner = makeAddr("owner");

address public collector = makeAddr("collector");

address public alice = makeAddr("alice");

address public bob = makeAddr("bob");

address public attacker = makeAddr("attacker");

uint256 constant BUY_FEE = 0.001 ether;

uint256 constant INITIAL_BALANCE = 1000 ether;

string constant SVG_URI =

"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+";

bytes32 public merkleRoot;

function setUp() public {

// Deploy contracts

vm.startPrank(owner);

weth = new MockWETH();

snow = new Snow(address(weth), BUY_FEE, collector);

snowman = new Snowman(SVG_URI);

// Create simple merkle root (not important for most tests)

merkleRoot = keccak256(abi.encodePacked("test"));

airdrop = new SnowmanAirdrop(

merkleRoot,

address(snow),

address(snowman)

);

vm.stopPrank();

// Fund test accounts

vm.deal(alice, INITIAL_BALANCE);

vm.deal(bob, INITIAL_BALANCE);

vm.deal(attacker, INITIAL_BALANCE);

// Mint WETH to users

weth.mint(alice, INITIAL_BALANCE);

weth.mint(bob, INITIAL_BALANCE);

weth.mint(attacker, INITIAL_BALANCE);

}

/**

* @notice C-2: Typo in MESSAGE_TYPEHASH Causes Signature Verification Failure

* @dev Proves that the signature verification will always fail due to typo

function test_C2_TypeHashTypoCausesSignatureFailure() public {

console2.log("=== C-2: Testing MESSAGE_TYPEHASH Typo ===");

// Give alice some Snow tokens

vm.prank(alice);

snow.earnSnow();

uint256 aliceBalance = snow.balanceOf(alice);

console2.log(

string(

abi.encodePacked(

"Alice Snow balance:",

vm.toString(aliceBalance)

)

);

// Create the CORRECT typehash (what user would sign)

bytes32 correctTypeHash = keccak256(

"SnowmanClaim(address receiver, uint256 amount)"

);

console2.log("Correct TypeHash:");

console2.logBytes32(correctTypeHash);

// The INCORRECT typehash in contract (with typo "addres")

bytes32 contractTypeHash = keccak256(

"SnowmanClaim(addres receiver, uint256 amount)"

);

console2.log("Contract TypeHash (with typo):");

console2.logBytes32(contractTypeHash);

// Proof: The hashes are different

assertFalse(

correctTypeHash == contractTypeHash,

"TypeHashes should be different"

);

console2.log(

"VULNERABILITY CONFIRMED: TypeHash mismatch will cause all signature verifications to fail!"

);

}

Recommended Mitigation

- bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)");

+ bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)");

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 19 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Unconsistent `MESSAGE_TYPEHASH` with standart EIP-712 declaration on contract `SnowmanAirdrop`

# Root + Impact ## Description * Little typo on `MESSAGE_TYPEHASH` Declaration on `SnowmanAirdrop` contract ```Solidity // src/SnowmanAirdrop.sol 49: bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); ``` **Impact**: * `function claimSnowman` never be `TRUE` condition ## Proof of Concept Applying this function at the end of /test/TestSnowmanAirdrop.t.sol to know what the correct and wrong digest output HASH. Ran with command: `forge test --match-test testFrontendSignatureVerification -vvvv` ```Solidity function testFrontendSignatureVerification() public { // Setup Alice for the test vm.startPrank(alice); snow.approve(address(airdrop), 1); vm.stopPrank(); // Simulate frontend using the correct format bytes32 FRONTEND_MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); // Domain separator used by frontend (per EIP-712) bytes32 DOMAIN_SEPARATOR = keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256("Snowman Airdrop"), keccak256("1"), block.chainid, address(airdrop) ) ); // Get Alice's token amount uint256 amount = snow.balanceOf(alice); // Frontend creates hash using the correct format bytes32 structHash = keccak256( abi.encode( FRONTEND_MESSAGE_TYPEHASH, alice, amount ) ); // Frontend creates the final digest (per EIP-712) bytes32 frontendDigest = keccak256( abi.encodePacked( "\x19\x01", DOMAIN_SEPARATOR, structHash ) ); // Alice signs the digest created by the frontend (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, frontendDigest); // Digest created by the contract (with typo) bytes32 contractDigest = airdrop.getMessageHash(alice); // Display both digests for comparison console2.log("Frontend Digest (correct format):"); console2.logBytes32(frontendDigest); console2.log("Contract Digest (with typo):"); console2.logBytes32(contractDigest); // Compare the digests - they should differ due to the typo assertFalse( frontendDigest == contractDigest, "Digests should differ due to typo in MESSAGE_TYPEHASH" ); // Attempt to claim with the signature - should fail vm.prank(satoshi); vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assertEq(nft.balanceOf(alice), 0); } ``` ## Recommended Mitigation on contract `SnowmanAirdrop` Line 49 applying this: ```diff - bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); + bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!