Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

`Typo in EIP-712 MESSAGE_TYPEHASH Breaks Signature-Based Claims`

alaaeldinsabib

Summary

The MESSAGE_TYPEHASH constant in SnowmanAirdrop.sol contains a typo: "addres" instead of "address". This causes all EIP-712 signatures from standard wallets to be invalid, breaking the "claim on behalf" feature.

Description

EIP-712 hashing is strictly sensitive to the exact string representation. The typo causes:

Wallets compute: keccak256("SnowmanClaim(address receiver, uint256 amount)")
Contract computes: keccak256("SnowmanClaim(addres receiver, uint256 amount)")

The hashes don't match, causing signature verification to always fail.

Root Cause

File: src/SnowmanAirdrop.sol (line 39)

// Vulnerable code:

bytes32 private constant MESSAGE_TYPEHASH =

keccak256("SnowmanClaim(addres receiver, uint256 amount)");

// ^^^^^^

// Missing 's'!

Risk

Severity: High
Likelihood: High
Impact: High

❌ Signature-based claims completely broken
❌ Delegation functionality unusable
✅ Direct claims still work

Proof of Concept

Scenario: Alice signs with standard EIP-712 wallet, Bob tries to claim on her behalf.

Expected: Signature valid, claim succeeds
Actual: Hash mismatch, claim fails with SA__InvalidSignature

function test_SignatureFailsDueToTypo() public {

address alice = makeAddr("alice");

address bob = makeAddr("bob");

uint256 alicePrivateKey = 0xA11CE;

uint256 amount = 100 ether;

bytes32[] memory proof = new bytes32[](0);

// Alice generates signature using STANDARD EIP-712 (correct typehash)

bytes32 correctTypeHash = keccak256("SnowmanClaim(address receiver, uint256 amount)");

bytes32 correctDigest = keccak256(abi.encodePacked(

"\x19\x01",

airdrop.DOMAIN_SEPARATOR(),

keccak256(abi.encode(correctTypeHash, alice, amount))

));

(uint8 v, bytes32 r, bytes32 s) = vm.sign(alicePrivateKey, correctDigest);

// Bob attempts to claim - FAILS due to typo

vm.prank(bob);

vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector);

airdrop.claimSnowman(alice, proof, v, r, s);

// Proves: Contract uses WRONG typehash, standard signatures always fail

}

Test Output:

Transaction reverted: SA__InvalidSignature

Hash mismatch: contract typehash uses "addres", signature uses "address"

Recommended Mitigation

Correct the typo:

// Fixed:

bytes32 private constant MESSAGE_TYPEHASH =

keccak256("SnowmanClaim(address receiver, uint256 amount)");

// ^^^^^^^^

// Fixed!

This ensures compatibility with standard EIP-712 wallets and SDKs.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Unconsistent `MESSAGE_TYPEHASH` with standart EIP-712 declaration on contract `SnowmanAirdrop`

# Root + Impact ## Description * Little typo on `MESSAGE_TYPEHASH` Declaration on `SnowmanAirdrop` contract ```Solidity // src/SnowmanAirdrop.sol 49: bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); ``` **Impact**: * `function claimSnowman` never be `TRUE` condition ## Proof of Concept Applying this function at the end of /test/TestSnowmanAirdrop.t.sol to know what the correct and wrong digest output HASH. Ran with command: `forge test --match-test testFrontendSignatureVerification -vvvv` ```Solidity function testFrontendSignatureVerification() public { // Setup Alice for the test vm.startPrank(alice); snow.approve(address(airdrop), 1); vm.stopPrank(); // Simulate frontend using the correct format bytes32 FRONTEND_MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); // Domain separator used by frontend (per EIP-712) bytes32 DOMAIN_SEPARATOR = keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256("Snowman Airdrop"), keccak256("1"), block.chainid, address(airdrop) ) ); // Get Alice's token amount uint256 amount = snow.balanceOf(alice); // Frontend creates hash using the correct format bytes32 structHash = keccak256( abi.encode( FRONTEND_MESSAGE_TYPEHASH, alice, amount ) ); // Frontend creates the final digest (per EIP-712) bytes32 frontendDigest = keccak256( abi.encodePacked( "\x19\x01", DOMAIN_SEPARATOR, structHash ) ); // Alice signs the digest created by the frontend (uint8 v, bytes32 r, bytes32 s) = vm.sign(alKey, frontendDigest); // Digest created by the contract (with typo) bytes32 contractDigest = airdrop.getMessageHash(alice); // Display both digests for comparison console2.log("Frontend Digest (correct format):"); console2.logBytes32(frontendDigest); console2.log("Contract Digest (with typo):"); console2.logBytes32(contractDigest); // Compare the digests - they should differ due to the typo assertFalse( frontendDigest == contractDigest, "Digests should differ due to typo in MESSAGE_TYPEHASH" ); // Attempt to claim with the signature - should fail vm.prank(satoshi); vm.expectRevert(SnowmanAirdrop.SA__InvalidSignature.selector); airdrop.claimSnowman(alice, AL_PROOF, v, r, s); assertEq(nft.balanceOf(alice), 0); } ``` ## Recommended Mitigation on contract `SnowmanAirdrop` Line 49 applying this: ```diff - bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(addres receiver, uint256 amount)"); + bytes32 private constant MESSAGE_TYPEHASH = keccak256("SnowmanClaim(address receiver, uint256 amount)"); ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!