Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Typo in EIP-712 `MESSAGE_TYPEHASH` ("addres" instead of "address") breaks signature compatibility with all standard wallets

404persona

Description

The SnowmanAirdrop contract uses EIP-712 typed structured data for signature verification, allowing third parties to claim Snowman NFTs on behalf of recipients. The MESSAGE_TYPEHASH is used to construct the digest that recipients sign.
The typehash contains a typo — "addres" instead of "address" — which means the contract's internal digest differs from what any standards-compliant EIP-712 implementation (MetaMask, ethers.js, viem, etc.) would produce. Any signature generated by a standard wallet will be rejected by the contract.

// src/SnowmanAirdrop.sol:49

bytes32 private constant MESSAGE_TYPEHASH =

keccak256("SnowmanClaim(addres receiver, uint256 amount)");

// @> ^^^^^^^ missing 's' — should be "address"

Risk

Likelihood:

Every standard EIP-712 implementation uses the correct Solidity type names — the mismatch is guaranteed
Any frontend or wallet constructing the signing request with "address receiver" produces a different typehash

Impact:

All legitimate off-chain signatures from standard wallets are rejected
The "claim on behalf of" functionality is completely broken for real-world usage
Recipients cannot delegate their claims to gas payers as intended by the protocol design

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test, console2} from "forge-std/Test.sol";

import {Snow} from "../src/Snow.sol";

import {Snowman} from "../src/Snowman.sol";

import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";

import {Helper} from "../script/Helper.s.sol";

import {MockWETH} from "../src/mock/MockWETH.sol";

contract PoC_H01 is Test {

Snow snow;

Snowman nft;

SnowmanAirdrop airdrop;

MockWETH weth;

address alice;

uint256 alKey;

function setUp() public {

Helper deployer = new Helper();

(airdrop, snow, nft, weth) = deployer.run();

(alice, alKey) = makeAddrAndKey("alice");

}

// H-01: EIP-712 MESSAGE_TYPEHASH contains "addres" instead of "address".

// The contract's digest differs from any standard EIP-712 implementation,

// breaking signature compatibility with all real wallets.

function test_H01_TypehashTypo() public {

bytes32 wrongTypehash = keccak256("SnowmanClaim(addres receiver, uint256 amount)");

bytes32 correctTypehash = keccak256("SnowmanClaim(address receiver, uint256 amount)");

console2.log("Wrong typehash (in contract):");

console2.logBytes32(wrongTypehash);

console2.log("Correct typehash:");

console2.logBytes32(correctTypehash);

assertTrue(wrongTypehash != correctTypehash, "Typehashes should differ due to typo");

uint256 amount = snow.balanceOf(alice);

assertEq(amount, 1, "Alice should have 1 Snow token");

vm.prank(alice);

snow.approve(address(airdrop), amount);

bytes32 contractDigest = airdrop.getMessageHash(alice);

console2.log("Contract digest (wrong typehash):");

console2.logBytes32(contractDigest);

console2.log("Any standard EIP-712 tool would produce a DIFFERENT digest,");

console2.log("making legitimate off-chain signatures INVALID");

}

Output:

[PASS] test_H01_TypehashTypo() (gas: 70162)

Logs:

Wrong typehash (in contract):

0xff59e96f4a12fdaf4e417a1440b578f822f6cb542be1a2a7c196280bec54f9ab

Correct typehash:

0x6cedfa9a039e959a5fe5a6e4224acac28bb707e70fb8ad28e3ac109c88b280d6

Contract digest (wrong typehash):

0xade7201527deccec00a028e81e6b632f8258d3204971d43e7912ce0010068990

Any standard EIP-712 tool would produce a DIFFERENT digest,

making legitimate off-chain signatures INVALID

Recommended Mitigation

Fix the typo in the MESSAGE_TYPEHASH constant by correcting "addres" to "address". This aligns the contract's EIP-712 type string with the actual Solidity type used in the SnowmanClaim struct, restoring compatibility with all standard wallets and EIP-712 libraries.

- bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)");

+ bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)");

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 1 hour ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Unconsistent `MESSAGE_TYPEHASH` with standart EIP-712 declaration on contract `SnowmanAirdrop`

# Root + Impact ## Description * Little typo on `MESSAGE_TYPEHASH` Declaration on `SnowmanAirdrop` contract ```Solidity // src/SnowmanAirdrop.sol 49: bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); ``` **Impact**: * `function claimSnowman` never be `TRUE` condition ## Proof of Concept Applying this function at the end of /test/TestSnowmanAirdrop.t.sol to know what the correct and wrong digest output HASH. Ran with command: `forge test --match-test testFrontendSignatureVerification -vvvv` ```Solidity function testFrontendSignatureVerification() public { // Setup Alice for the test vm.startPrank(alice); snow.approve(address(airdrop), 1); vm.stopPrank(); // Simulate frontend using the correct format bytes32 FRONTEND_MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); // Domain separator used by frontend (per EIP-712) bytes32 DOMAIN_SEPARATOR = keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256("Snowman Airdrop"), keccak256("1"), block.chainid, address(airdrop) ) ); // Get Alice's token amount uint256 amount = snow.balanceOf(alice); // Frontend creates hash using the correct format bytes32 structHash = keccak256( abi.encode( FRONTEND_MESSAGE_TYPEHASH, alice, amount ) ); // Frontend creates the final digest (per EIP-712) bytes32 frontendDigest = keccak256( abi.encodePacked( "\x19\x01", DOMAIN_SEPARATOR, structHash ) ); // Alice signs the digest created by the frontend (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, frontendDigest); // Digest created by the contract (with typo) bytes32 contractDigest = airdrop.getMessageHash(alice); // Display both digests for comparison console2.log("Frontend Digest (correct format):"); console2.logBytes32(frontendDigest); console2.log("Contract Digest (with typo):"); console2.logBytes32(contractDigest); // Compare the digests - they should differ due to the typo assertFalse( frontendDigest == contractDigest, "Digests should differ due to typo in MESSAGE_TYPEHASH" ); // Attempt to claim with the signature - should fail vm.prank(satoshi); vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assertEq(nft.balanceOf(alice), 0); } ``` ## Recommended Mitigation on contract `SnowmanAirdrop` Line 49 applying this: ```diff - bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); + bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!