TYPEHASH in rankCandidatesBySig
The TYPEHASH constant is incorrectly defined as:
bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256[])");
However, the orderedCandidates parameter is an array of address, not uint256. This mismatch leads to incorrect hash calculations, causing signature verifications to fail or allowing malicious actors to forge signatures.
Recommendation:
Update the TYPEHASH to match the correct data type:
bytes32 public constant TYPEHASH = keccak256("rankCandidates(address[])");
Ensure that all hashing and signature recovery processes use the correct data types to maintain the integrity of the signature verification.
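The mismatch described above, as an added Solidity illustration (not the audited contract's code): it builds the EIP-712 digest for the same orderedCandidates under both type strings and checks one signature against each. The contract name, function names and the domainSeparator argument are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Only the two type strings and orderedCandidates come
// from the finding; every other name here is hypothetical.
contract TypeHashMismatchDemo {
    bytes32 public constant WRONG_TYPEHASH = keccak256("rankCandidates(uint256[])");
    bytes32 public constant FIXED_TYPEHASH = keccak256("rankCandidates(address[])");

    // Upper bound for s in a canonical (non-malleable) signature: secp256k1 n / 2.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // EIP-712 hashStruct: a dynamic array member is encoded as the keccak256 of
    // its elements, each padded to 32 bytes (abi.encodePacked pads array items).
    function structHash(bytes32 typeHash, address[] memory orderedCandidates)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(typeHash, keccak256(abi.encodePacked(orderedCandidates))));
    }

    // EIP-712 digest: 0x19 0x01 || domainSeparator || hashStruct(message).
    function digest(bytes32 domainSeparator, bytes32 typeHash, address[] memory orderedCandidates)
        public pure returns (bytes32)
    {
        return keccak256(
            abi.encodePacked("\x19\x01", domainSeparator, structHash(typeHash, orderedCandidates))
        );
    }

    // True only if (v, r, s) is a canonical signature by expectedSigner over digest_.
    function verifies(bytes32 digest_, address expectedSigner, uint8 v, bytes32 r, bytes32 s)
        public pure returns (bool)
    {
        if (uint256(s) > HALF_N || (v != 27 && v != 28)) return false;
        address recovered = ecrecover(digest_, v, r, s);
        return recovered != address(0) && recovered == expectedSigner;
    }

    // Checks one signature against both digests. A signature made over the
    // address[] type yields okFixed = true and okWrong = false, because the
    // uint256[] constant produces a different digest for the same candidates.
    function checkBoth(
        bytes32 domainSeparator, address[] memory orderedCandidates,
        address signer, uint8 v, bytes32 r, bytes32 s
    ) external pure returns (bool okFixed, bool okWrong) {
        okFixed = verifies(digest(domainSeparator, FIXED_TYPEHASH, orderedCandidates), signer, v, r, s);
        okWrong = verifies(digest(domainSeparator, WRONG_TYPEHASH, orderedCandidates), signer, v, r, s);
    }
}
```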