Submission Details
Severity:
`LibTractor` has an incorrect EIP712 domain separator.
Github link
Summary
LibTractor has an incorrect EIP712 domain separator.
Vulnerability Details
_domainSeparatorV4() should use EIP712_TYPE_HASH but uses BLUEPRINT_TYPE_HASH wrongly.
bytes32 private constant EIP712_TYPE_HASH =
keccak256(
"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
);
bytes32 public constant BLUEPRINT_TYPE_HASH =
keccak256(
"Blueprint(address publisher,bytes data,bytes operatorData,uint256 maxNonce,uint256 startTime,uint256 endTime)"
);
function _domainSeparatorV4() internal view returns (bytes32) {
return
keccak256(
abi.encode(
BLUEPRINT_TYPE_HASH, //@audit wrong hash
TRACTOR_HASHED_NAME,
TRACTOR_HASHED_VERSION,
C.getChainId(),
address(this)
)
);
}
So _domainSeparatorV4() returns an incorrect domain separator and will cause the signature verification to fail.
Impact
The permit transactions wouldn't work with the wrong domain separator.
Tools Used
Manual Review
Recommendations
_domainSeparatorV4() should use EIP712_TYPE_HASH instead of BLUEPRINT_TYPE_HASH.
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
Tractor not compliant to EIP712 requirement because it's using the type hash of the blueprint, not the EIP712Domain
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.