HardhatFoundry
30,000 USDC
Submission Details
Severity: medium
Valid

Wrong typehash definition violates `EIP-712`

Summary

The _getEnableModeDataHash function in the contract has a mismatch between the EIP-712 type hash and the actual data type used for initData, leading to a violation of the EIP-712 standard. This can result in invalid signatures and failed operations when interacting with other contracts or dApps that rely on the correct implementation of EIP-712.

Vulnerability Details

The MODULE_ENABLE_MODE_TYPE_HASH is defined as:

```solidity
bytes32 constant MODULE_ENABLE_MODE_TYPE_HASH = keccak256("ModuleEnableMode(address module, bytes32 initDataHash)");
```

Here, initData is declared as a bytes32 parameter (initDataHash).

However, in the _getEnableModeDataHash function, initData is a bytes type, and keccak256(initData) produces a bytes32 hash:

```solidity
function _getEnableModeDataHash(address module, bytes calldata initData) internal view returns (bytes32 digest) {
    digest = _hashTypedData(
        keccak256(
            abi.encode(
                MODULE_ENABLE_MODE_TYPE_HASH,
                module,
                keccak256(initData)
            )
        )
    );
}
```

This leads to a mismatch between the type defined in the type hash (bytes32 initDataHash) and the actual data type being used (bytes).
EIP-712 requires the data types, order and names in the struct and the type hash to match exactly. This discrepancy violates the EIP-712 standard.
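
The pairing between type string and struct-hash encoding, as an added example that is not code from the audited contract: it shows the two self-consistent ways to declare this struct and that they yield different struct hashes, so signer and verifier must agree on one. The contract, constant and function names are hypothetical, and the type strings are written in EIP-712 `encodeType` form (members separated by a comma, no whitespace between them).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the audited contract. All names except
/// ModuleEnableMode, module, initData and initDataHash are hypothetical.
contract EnableModeTypehashDemo {
    // Variant A: the signed struct carries a bytes32 member holding the hash.
    bytes32 public constant TYPEHASH_BYTES32 =
        keccak256("ModuleEnableMode(address module,bytes32 initDataHash)");

    // Variant B: the signed struct carries the raw bytes member.
    bytes32 public constant TYPEHASH_BYTES =
        keccak256("ModuleEnableMode(address module,bytes initData)");

    // EIP-712 encodeData: atomic members (address, bytes32) are encoded as-is.
    function structHashA(address module, bytes32 initDataHash)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(TYPEHASH_BYTES32, module, initDataHash));
    }

    // EIP-712 encodeData: dynamic `bytes` and `string` members are encoded
    // as keccak256 of their contents.
    function structHashB(address module, bytes calldata initData)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(TYPEHASH_BYTES, module, keccak256(initData)));
    }

    // Both variants encode the same 32-byte word for the second member, so
    // the typehash is the only difference, and it changes the struct hash.
    // A signature made over one variant does not verify against the other.
    function variantsDiffer(address module, bytes calldata initData)
        external pure returns (bool)
    {
        return structHashA(module, keccak256(initData)) != structHashB(module, initData);
    }
}
```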

Impact

MEDIUM. The contract is not EIP-712 compliant. The resulting hash may not accurately represent the original data, causing verification failures. Backends and dApps expecting standard EIP-712 encoded data will also fail to validate the hash, leading to potential interoperability issues.

Tools Used

VSCode

Recommendations

Adjust the Type Hash.
If initData is meant to be of type bytes, the type hash should be updated to reflect this:

```solidity
bytes32 constant MODULE_ENABLE_MODE_TYPE_HASH = keccak256("ModuleEnableMode(address module, bytes initData)");
```

Updates

Lead Judging Commences

0xnevi Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-wrong-EIP712-typehash-ModuleEnableMode
