Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Referral slot does not comply with EIP7201

0xpep7

Summary

Referral leave contracts fail to comply with the EIP7201 standard for computing slot locations.

Vulnerability Details

As can be seen from below snippet, the slot address for the Referral data is computed based on the formula: keccak256(abi.encode(REFERRAL_DOMAIN, accountOwner)) which is not aligned with instructions of EIP7201 standard ie. erc7201(id: string) = keccak256(keccak256(id) - 1) & ~0xff. This non-compliance violates an invariant stated in the project's README.

  • Found in src/perpetuals/leaves/Referral.sol at Line 16

8:@> string internal constant REFERRAL_DOMAIN = "fi.zaros.Referral";
...
15: function load(address accountOwner) internal pure returns (Data storage referralTestnet) {
16:@> bytes32 slot = keccak256(abi.encode(REFERRAL_DOMAIN, accountOwner));
17: assembly {
...
20: }

Impact

The severity of EIP Non-compliance and invariant breaking should be Medium.

Tools Used

Manual Review

Recommendations

Apply:

- bytes32 slot = keccak256(abi.encode(REFERRAL_DOMAIN, accountOwner));
+ bytes32 slot = keccak256(abi.encode(uint256(abi.encode(REFERRAL_DOMAIN, accountOwner)) - 1)) & ~bytes32(uint256(0xff));
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Storage computation formula of ERC7201 is not followed. ERC7201 non compliance.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.