According to EIP712:
"The dynamic values bytes and string are encoded as a keccak256 hash of their contents."

However, in SettlementBranch.sol when fillOffchainOrders is called, the salt field is included in the abi.encode call without being hashed first.

The contract is not compatible with EIP712. This may result in issues with integrators who expect the salt field to be hashed according to the EIP712 specification, potentially leading to signature verification failures & integration problems.

To comply with EIP712, ensure that the salt field is hashed using keccak256 before being included in the abi.encode call. Update the relevant code in the fillOffchainOrders function as follows:

This change will ensure that the dynamic value salt is properly encoded according to EIP712, maintaining compatibility with the standard and preventing potential integration issues.
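
The encoding rule quoted above, as an added Solidity example that is not code from SettlementBranch.sol or from this report. The Order struct, its type hash, the domain values and all function names are hypothetical, and salt is assumed to be declared as bytes (the page does not show its declaration).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only. Order, ORDER_TYPEHASH, the domain name/version and every
// function name are hypothetical; `salt` is assumed to be of the dynamic type `bytes`.
contract Eip712SaltExample {
    struct Order {
        uint128 accountId;
        int128 sizeDelta;
        bytes salt; // dynamic type: EIP-712 encodes it as keccak256 of its contents
    }

    bytes32 public constant ORDER_TYPEHASH =
        keccak256("Order(uint128 accountId,int128 sizeDelta,bytes salt)");

    bytes32 public immutable DOMAIN_SEPARATOR;

    constructor() {
        DOMAIN_SEPARATOR = keccak256(
            abi.encode(
                keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
                keccak256(bytes("Example")), // constructed domain name
                keccak256(bytes("1")),       // constructed domain version
                block.chainid,
                address(this)
            )
        );
    }

    // Pattern the finding describes: the dynamic field is passed to abi.encode unhashed,
    // so the preimage contains an offset, a length and the raw bytes.
    function structHashUnhashedSalt(Order memory o) public pure returns (bytes32) {
        return keccak256(abi.encode(ORDER_TYPEHASH, o.accountId, o.sizeDelta, o.salt));
    }

    // EIP-712 encodeData: the dynamic field is replaced by keccak256 of its contents.
    function structHash(Order memory o) public pure returns (bytes32) {
        return keccak256(abi.encode(ORDER_TYPEHASH, o.accountId, o.sizeDelta, keccak256(o.salt)));
    }

    // Digest that an EIP-712 wallet signs for this order.
    function digest(Order memory o) public view returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash(o)));
    }

    // Recover the signer from the compliant digest; ecrecover returns address(0) on failure.
    function recoverSigner(Order memory o, uint8 v, bytes32 r, bytes32 s) external view returns (address) {
        address signer = ecrecover(digest(o), v, r, s);
        require(signer != address(0), "invalid signature");
        return signer;
    }
}
```

For the same order the two struct hashes differ, so a signature produced over the EIP-712 digest does not verify against a digest built from the unhashed encoding.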