Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

EIP-712 MESSAGE_TYPEHASH contains a typo (addres) that causes signature verification to always fail, permanently breaking claimSnowman()

cybervikink

Root + Impact

Description

SnowmanAirdrop uses EIP-712 typed structured data to allow a third party to claim on behalf of a receiver. The receiver signs a SnowmanClaim struct off-chain, and the contract verifies the signature via _isValidSignature() → getMessageHash().

getMessageHash() hashes the struct using MESSAGE_TYPEHASH. For EIP-712 to work correctly, the type string used to compute the typehash must match the canonical Solidity struct type signature exactly.

// @> Typo: "addres" instead of "address" — one character missing

bytes32 private constant MESSAGE_TYPEHASH =

keccak256("SnowmanClaim(addres receiver, uint256 amount)");

Risk

Likelihood:

This occurs on every single call to claimSnowman() without exception, as the typehash is a compile-time constant that cannot be corrected post-deployment.
Any legitimate receiver who signs the message with a proper EIP-712 wallet will have their claim rejected.

Impact:

The entire airdrop mechanism is permanently bricked at deployment — no Snowman NFT can ever be claimed through claimSnowman().
All Snow tokens that users hold for the purpose of claiming NFTs become useless for that purpose.
The protocol's core purpose (distributing Snowman NFTs via the airdrop) is completely non-functional.

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.24;

import {Test} from "forge-std/Test.sol";

import {SnowmanAirdrop} from "../src/SnowmanAirdrop.sol";

import {Snow} from "../src/Snow.sol";

import {Snowman} from "../src/Snowman.sol";

import {Helper} from "../script/Helper.s.sol";

contract TypehashTypoPoC is Test {

// The correct typehash (what signers will produce)

bytes32 constant CORRECT_TYPEHASH =

keccak256("SnowmanClaim(address receiver,uint256 amount)");

// The broken typehash (what the contract actually uses)

bytes32 constant BROKEN_TYPEHASH =

keccak256("SnowmanClaim(addres receiver, uint256 amount)");

function testTypehashMismatch() public pure {

// They are different — signatures will never verify

assert(CORRECT_TYPEHASH != BROKEN_TYPEHASH);

}

function testClaimAlwaysRevertsOnSignature() public {

Helper helper = new Helper();

(SnowmanAirdrop airdrop, Snow snow,,) = helper.run();

address alice = makeAddr("alice");

// Give alice a Snow balance so balance check passes

// (She already earned 1 from Helper)

// Create a valid EIP-712 signature using the CORRECT typehash

uint256 alicePk = 0xA11CE;

address signer = vm.addr(alicePk);

deal(address(snow), signer, 1);

// Sign using the correct type string

bytes32 correctDigest = keccak256(

abi.encodePacked(

"\x19\x01",

airdrop.DOMAIN_SEPARATOR(), // hypothetical getter

keccak256(abi.encode(CORRECT_TYPEHASH, signer, uint256(1)))

)

);

(uint8 v, bytes32 r, bytes32 s) = vm.sign(alicePk, correctDigest);

bytes32[] memory proof = new bytes32[](0);

// This ALWAYS reverts with SA__InvalidSignature because the contract

// hashes with the broken typehash, producing a different digest

vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector);

airdrop.claimSnowman(signer, proof, v, r, s);

}

Recommended Mitigation

Fix the type string to exactly match the Solidity struct definition. Note also that EIP-712 canonical type strings do not include spaces after commas:

// Before (broken):

bytes32 private constant MESSAGE_TYPEHASH =

keccak256("SnowmanClaim(addres receiver, uint256 amount)");

// After (correct):

bytes32 private constant MESSAGE_TYPEHASH =

keccak256("SnowmanClaim(address receiver,uint256 amount)");

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 6 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Unconsistent `MESSAGE_TYPEHASH` with standart EIP-712 declaration on contract `SnowmanAirdrop`

# Root + Impact ## Description * Little typo on `MESSAGE_TYPEHASH` Declaration on `SnowmanAirdrop` contract ```Solidity // src/SnowmanAirdrop.sol 49: bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); ``` **Impact**: * `function claimSnowman` never be `TRUE` condition ## Proof of Concept Applying this function at the end of /test/TestSnowmanAirdrop.t.sol to know what the correct and wrong digest output HASH. Ran with command: `forge test --match-test testFrontendSignatureVerification -vvvv` ```Solidity function testFrontendSignatureVerification() public { // Setup Alice for the test vm.startPrank(alice); snow.approve(address(airdrop), 1); vm.stopPrank(); // Simulate frontend using the correct format bytes32 FRONTEND_MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); // Domain separator used by frontend (per EIP-712) bytes32 DOMAIN_SEPARATOR = keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256("Snowman Airdrop"), keccak256("1"), block.chainid, address(airdrop) ) ); // Get Alice's token amount uint256 amount = snow.balanceOf(alice); // Frontend creates hash using the correct format bytes32 structHash = keccak256( abi.encode( FRONTEND_MESSAGE_TYPEHASH, alice, amount ) ); // Frontend creates the final digest (per EIP-712) bytes32 frontendDigest = keccak256( abi.encodePacked( "\x19\x01", DOMAIN_SEPARATOR, structHash ) ); // Alice signs the digest created by the frontend (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, frontendDigest); // Digest created by the contract (with typo) bytes32 contractDigest = airdrop.getMessageHash(alice); // Display both digests for comparison console2.log("Frontend Digest (correct format):"); console2.logBytes32(frontendDigest); console2.log("Contract Digest (with typo):"); console2.logBytes32(contractDigest); // Compare the digests - they should differ due to the typo assertFalse( frontendDigest == contractDigest, "Digests should differ due to typo in MESSAGE_TYPEHASH" ); // Attempt to claim with the signature - should fail vm.prank(satoshi); vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assertEq(nft.balanceOf(alice), 0); } ``` ## Recommended Mitigation on contract `SnowmanAirdrop` Line 49 applying this: ```diff - bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); + bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!