Submission Details
Severity:
Tractor uses incorrect Blueprint EIP712 typehash
Summary
There is deviation between Blueprint struct and its typehash, check 3rd argument:
bytes32 public constant BLUEPRINT_TYPE_HASH =
keccak256(
"Blueprint(address publisher,bytes data,bytes operatorData,uint256 maxNonce,uint256 startTime,uint256 endTime)"
);
struct Blueprint {
address publisher;
bytes data;
@> bytes32[] operatorPasteInstrs;
uint256 maxNonce;
uint256 startTime;
uint256 endTime;
}
As a result hashStruct calculation deviates from defined by EIP712, and users can't decode what object they sign on frontend
Impact
Tractor implementation deviates from EIP712
Tools Used
Manual Review
Recommendations
Update typehash to:
bytes32 public constant BLUEPRINT_TYPE_HASH =
keccak256(
- "Blueprint(address publisher,bytes data,bytes operatorData,uint256 maxNonce,uint256 startTime,uint256 endTime)"
+ "Blueprint(address publisher,bytes data,bytes32[] operatorPasteInstrs,uint256 maxNonce,uint256 startTime,uint256 endTime)"
);
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
The declaration and use of `LibTractor::BLUEPRINT_TYPE_HASH` is inconsistent with the field name of the structure `struct Blueprint`
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520
USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.