CustomReferralConfiguration & Referral contracts do not implement EIP712 correctly.
According to EIP712 Standard:
The dynamic values bytes and string are encoded as a keccak256 hash of their contents.
However, in CustomReferralConfiguration:load(), the hashing is done as follows:
As seen, both CUSTOM_REFERRAL_CONFIGURATION_DOMAIN and customReferralCode are string values. However, the hashing (slot) encodes these values directly and not the keccak256 hash of their contents as required by the standard.
The same applies in Referral:load():
Here also, REFERRAL_DOMAIN is a string but it is encoded as is.
Non-compliance with EIP712 can cause problems with integrators and potentially lead to denial of service.
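The two encodings contrasted above, side by side, as an added example that is not code from the audited contracts or from this submission. It assumes the slot is derived with keccak256 over abi.encode; the contract name, function names and the constant's value are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. The contract name, function names and the
/// constant's value are hypothetical and not taken from the audited code.
contract DynamicFieldEncoding {
    // Constructed stand-in for a string domain constant.
    string internal constant EXAMPLE_DOMAIN = "example.domain.Referral";

    /// Pattern the finding describes: string values encoded directly.
    /// Assumption: the preimage is built with abi.encode.
    function slotDirect(string memory code) public pure returns (bytes32) {
        return keccak256(abi.encode(EXAMPLE_DOMAIN, code));
    }

    /// EIP-712 rule for dynamic types: each string is replaced by the
    /// keccak256 hash of its contents before the outer encoding.
    function slotHashedContents(string memory code) public pure returns (bytes32) {
        return keccak256(
            abi.encode(keccak256(bytes(EXAMPLE_DOMAIN)), keccak256(bytes(code)))
        );
    }

    /// Size of each preimage. The direct form carries offsets, lengths and
    /// padded contents, so it grows with the input; the hashed form is
    /// always two 32-byte words (64 bytes).
    function preimageLengths(string memory code)
        external
        pure
        returns (uint256 direct, uint256 hashed)
    {
        direct = abi.encode(EXAMPLE_DOMAIN, code).length;
        hashed = abi.encode(
            keccak256(bytes(EXAMPLE_DOMAIN)),
            keccak256(bytes(code))
        ).length;
    }
}
```

A consumer that recomputes the value with the hashed-contents rule will not reproduce the output of slotDirect for the same inputs, which is the integrator mismatch this finding describes.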
Manual Review
Correct this as follows: