Submission Details
Severity:
ERC-7201 is not followed in Referral & CustomReferralConfiguration
Description
The EIP-7201 is followed in these contracts:
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/MarketOrder.sol#L12-L13
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/PerpMarket.sol#L36-L37
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/Position.sol#L11-L12
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/TradingAccount.sol#L36-L37
But not in:
Recommendation
❌ string internal constant REFERRAL_DOMAIN = "fi.zaros.Referral";
✅ bytes32 internal constant REFERRAL_DOMAIN_LOCATION =
keccak256(abi.encode(uint256(keccak256("fi.zaros.Referral")) - 1)) & ~bytes32(uint256(0xff));
❌ string internal constant CUSTOM_REFERRAL_CONFIGURATION_DOMAIN = "fi.zaros.CustomReferralConfiguration";
✅ bytes32 internal constant CUSTOM_REFERRAL_CONFIGURATION_DOMAIN_LOCATION =
keccak256(abi.encode(uint256(keccak256("fi.zaros.CustomReferralConfiguration")) - 1)) & ~bytes32(uint256(0xff));
Then the load function should be modified based on the new changes.
Updates
Lead Judging Commences
inallhonesty 10 months ago
Submission Judgement Published Assigned finding tags:
Storage computation formula of ERC7201 is not followed. ERC7201 non compliance.
Prize pool breakdown
Total prize
60,000 USDC
nSLOC
2,87821 USDC / LOC
50,000 USDC
5,500 USDC
4,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.