Submission Details
Severity:
`L2ContractMigrationFacet` isn't compatible with the EIP712
## Line of code
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/main/protocol/contracts/beanstalk/silo/L2ContractMigrationFacet.sol#L230
## Vulnerability details
There are two incompatibilities in the current implementation of EIP712 in the contract `L2ContractMigrationFacet`.
1. The `chainId` in calculating the `_domainSeparatorV4()` is kept constant in this line:
```solidity
uint256 private constant LEGACY_CHAIN_ID = 1;
```
This is problematic because in case of a hardfork the chainId will 1 (constant) always and will point to a wrong chainID leading to possible replay attacks.
2. The [EIP712 Specification](https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator) suggests a salt value inclusion while calculating the domain separator.
> `bytes32 salt` an disambiguating salt for the protocol. This can be used as a domain separator of last resort.
In the current implement in `_domainSeparatorV4()`, the salt value isn't encoded.
```solidity
function _domainSeparatorV4() internal view returns (bytes32) {
return
keccak256(
abi.encode(
EIP712_TYPE_HASH,
MIGRATION_HASHED_NAME,
MIGRATION_HASHED_VERSION,
C.getLegacyChainId(), // hardfork may occur. @audit
address(this)
) // @audit salt is missing when calculating the domain seperator
);
}
```
## Impact
There is a possibility of replay attacks due to the incompatibilities shown in the vulnerability details section. The EIP specifications are meant to be strictly followed by the protocol.
## Tools Used
Manual
## Recommendation
Follow The EIP Specifications Properly.
Updates
Lead Judging Commences
inallhonesty about 1 year ago
Submission Judgement Published Reason: Known issue
Assigned finding tags:
Replay attack in case of hard fork - Hardcoded chainId 712
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.