Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Security Vulnerability Report: EIP-712 Typehash Typo in SnowmanAirdrop

r7al38

Root + Impact

Root Cause: A simple spelling mistake in the MESSAGE_TYPEHASH constant breaks EIP‑712 compliance.
Impact: All valid signatures generated by wallets (MetaMask, ethers.js) are rejected, making the claimSnowman function unusable.

Description

Under normal behavior, the contract uses EIP‑712 structured signatures to verify that a user authorizes the claim. The frontend builds a typehash following the exact Solidity struct definition, signs it, and sends the signature to the contract.

The problem is that the contract defines its typehash with a typo – addres instead of address. Because the typehash does not match the one used off‑chain, every genuine signature fails verification, and the transaction reverts with SA__InvalidSignature.

// @> Line where the typo exists

bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)");

// ^^^^^^ should be "address"

Risk

Likelihood:High

The typo is hard‑coded; it will affect every claim attempt.
Any user interacting through a standard wallet will always produce a signature with the correct typehash, so the failure is guaranteed on each call.

Impact:High

The core functionality of the contract – claiming Snowman NFTs – is completely broken.
Users cannot receive their NFTs, leading to loss of promised assets and complete loss of trust in the project.

Proof of Concept

The following Foundry test demonstrates that a valid off‑chain signature is rejected by the contract:

// SPDX-License-Identifier: UNLICENSED

pragma solidity ^0.8.24;

import "forge-std/Test.sol";

import "../src/SnowmanAirdrop.sol";

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Mock ERC20 token

contract MockSnow is ERC20 {

constructor() ERC20("Mock Snow", "MSNOW") {

_mint(msg.sender, 1_000_000 * 10**18); // all tokens go to the deployer (test contract)

}

// Mock NFT contract

contract MockSnowman {

function mintSnowman(address, uint256) external {}

}

contract SnowmanAirdropPoC is Test {

SnowmanAirdrop public airdrop;

MockSnow public snow;

MockSnowman public snowman;

address public user = address(0x123);

uint256 public userPrivateKey = 0x123456;

function setUp() public {

// 1. Deploy mock tokens

snow = new MockSnow();

snowman = new MockSnowman();

// 2. Deploy the target airdrop contract (needs snow + snowman addresses)

airdrop = new SnowmanAirdrop(keccak256("mock"), address(snow), address(snowman));

// 3. Transfer some tokens from the test contract to the user

// (the test contract owns all minted tokens)

snow.transfer(user, 1000 * 10**18);

// 4. User approves the airdrop contract to spend their tokens

vm.startPrank(user);

snow.approve(address(airdrop), type(uint256).max);

vm.stopPrank();

}

function test_ValidSignatureFailsBecauseOfTypo() public {

uint256 amount = snow.balanceOf(user);

require(amount > 0, "User has no Snow tokens");

// Correct typehash (used by wallets / ethers.js)

bytes32 correctTypeHash = keccak256(

"SnowmanClaim(address receiver,uint256 amount)"

);

// Struct hash with the correct typehash

bytes32 structHash = keccak256(

abi.encode(

correctTypeHash,

SnowmanAirdrop.SnowmanClaim({receiver: user, amount: amount})

)

);

// Domain separator (must match the one used in the contract)

bytes32 domainSeparator = keccak256(

abi.encode(

keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),

keccak256(bytes("Snowman Airdrop")),

keccak256(bytes("1")),

block.chainid,

address(airdrop)

)

);

// Final digest: \x19\x01 ‖ domainSeparator ‖ structHash

bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHash));

// Sign the digest with the user's private key

(uint8 v, bytes32 r, bytes32 s) = vm.sign(userPrivateKey, digest);

// Attempt to claim – the contract will use its buggy typehash and reject the signature

bytes32[] memory emptyProof = new bytes32[](0);

vm.prank(user);

vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector);

airdrop.claimSnowman(user, emptyProof, v, r, s);

// If we reach here, the test passed (valid signature was rejected)

}

Result: The test passes, proving that a correct signature is rejected because of the typo.

Recommended Mitigation

Fix the spelling of addres to address in the typehash string, then re‑deploy the contract.

- bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)");

+ bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)");

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 7 days ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Unconsistent `MESSAGE_TYPEHASH` with standart EIP-712 declaration on contract `SnowmanAirdrop`

# Root + Impact ## Description * Little typo on `MESSAGE_TYPEHASH` Declaration on `SnowmanAirdrop` contract ```Solidity // src/SnowmanAirdrop.sol 49: bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); ``` **Impact**: * `function claimSnowman` never be `TRUE` condition ## Proof of Concept Applying this function at the end of /test/TestSnowmanAirdrop.t.sol to know what the correct and wrong digest output HASH. Ran with command: `forge test --match-test testFrontendSignatureVerification -vvvv` ```Solidity function testFrontendSignatureVerification() public { // Setup Alice for the test vm.startPrank(alice); snow.approve(address(airdrop), 1); vm.stopPrank(); // Simulate frontend using the correct format bytes32 FRONTEND_MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); // Domain separator used by frontend (per EIP-712) bytes32 DOMAIN_SEPARATOR = keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256("Snowman Airdrop"), keccak256("1"), block.chainid, address(airdrop) ) ); // Get Alice's token amount uint256 amount = snow.balanceOf(alice); // Frontend creates hash using the correct format bytes32 structHash = keccak256( abi.encode( FRONTEND_MESSAGE_TYPEHASH, alice, amount ) ); // Frontend creates the final digest (per EIP-712) bytes32 frontendDigest = keccak256( abi.encodePacked( "\x19\x01", DOMAIN_SEPARATOR, structHash ) ); // Alice signs the digest created by the frontend (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, frontendDigest); // Digest created by the contract (with typo) bytes32 contractDigest = airdrop.getMessageHash(alice); // Display both digests for comparison console2.log("Frontend Digest (correct format):"); console2.logBytes32(frontendDigest); console2.log("Contract Digest (with typo):"); console2.logBytes32(contractDigest); // Compare the digests - they should differ due to the typo assertFalse( frontendDigest == contractDigest, "Digests should differ due to typo in MESSAGE_TYPEHASH" ); // Attempt to claim with the signature - should fail vm.prank(satoshi); vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assertEq(nft.balanceOf(alice), 0); } ``` ## Recommended Mitigation on contract `SnowmanAirdrop` Line 49 applying this: ```diff - bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); + bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!