EIP712 inconsistency in tractor blueprint
Summary
The _domainSeparatorV4 computation in LibTractor is wrong because it uses the BLUEPRINT_TYPE_HASH instead of EIP712_TYPE_HASH
Relevant GitHub Links:
Vulnerability Details
EIP712 states that to follow this proposal, it must implement the following structure to sign messages:
keccak256("\x19\x01" ‖ domainSeparator ‖ hashStruct(message)) where domainSeparator = hashStruct(eip712Domain). This eip721Domain should implement all or some of these parameters in order to prevent replaying attacks: string name, string version, uint256 chainId, address verifyingContract and bytes32 salt. In this case, we see that Beanstalk decided to use all of these parameters apart from the salt as we can see here. The typehash is computed correctly but when computing the domainSeparator we can see that a wrong typehash is used instead of using the EIP712_TYPE_HASH.
Impact
Medium
Implementing the domainSeparator in a wrong manner will make other integrators of the protocol to sign data that will not match with the contract implementation.
Tools Used
Manual review
Recommendations
Lead Judging Commences
Tractor not compliant to EIP712 requirement because it's using the type hash of the blueprint, not the EIP712Domain
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.