Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Incorrect Use of `bytes32` Type for `chainId`

Summary

The contract incorrectly wraps the chainId as bytes32, rather than using it in its native integer format as specified in the EIP-712 standard. According to EIP-712, the chainId should be directly used as a uint256, not converted to bytes32. This misrepresentation of chainId can lead to compatibility issues and potential security concerns when verifying the source and integrity of transactions.

Vulnerability Details

In EIP-712, the chainId is expected to be represented as a uint256 integer type, which corresponds to the chain ID where the transaction is executed.

```solidity
function _setDomainSeperator(string memory name, string memory version) internal {
    domainSeperator = keccak256(
        abi.encode(
            EIP712_DOMAIN_TYPEHASH,
            keccak256(bytes(name)),
            keccak256(bytes(version)),
            address(this),
            bytes32(getChainId()) // flagged line: chainId wrapped in bytes32
        )
    );
}
```

Impact

The incorrect type for chainId may open the contract to risks of cross-chain replay attacks. Since chainId is essential for ensuring that messages and signatures are unique to a particular blockchain, using bytes32 instead of uint256 weakens this guarantee, potentially allowing messages signed on one chain to be replayed on another.
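The following contract is an added example, not code from the submission or from the One World contracts. Deployed to a test chain, it compares the two encodings of chainId discussed above and shows how the domain separator ties a signing digest to one chain ID. The `DOMAIN_TYPEHASH` string, the name and version values, and all contract and function names are assumptions, because the page does not show the project's `EIP712_DOMAIN_TYPEHASH`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. DOMAIN_TYPEHASH is an assumption (the standard EIP-712 field
// order); the audited EIP712_DOMAIN_TYPEHASH is not shown on the page.
contract ChainIdEncodingCheck {
    bytes32 internal constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    bytes32 internal constant NAME_HASH = keccak256("Example"); // constructed value
    bytes32 internal constant VERSION_HASH = keccak256("1");    // constructed value

    // chainId handed to abi.encode as uint256.
    function separator(uint256 chainId) public view returns (bytes32) {
        return keccak256(
            abi.encode(DOMAIN_TYPEHASH, NAME_HASH, VERSION_HASH, chainId, address(this))
        );
    }

    // Same fields, with chainId wrapped in bytes32 as in the audited function.
    function separatorWrapped(uint256 chainId) public view returns (bytes32) {
        return keccak256(
            abi.encode(DOMAIN_TYPEHASH, NAME_HASH, VERSION_HASH, bytes32(chainId), address(this))
        );
    }

    // Compares the two separators. uint256 and bytes32 are both static
    // 32-byte ABI words, so abi.encode does no type-dependent padding here.
    function encodingsMatch(uint256 chainId) external view returns (bool) {
        return separator(chainId) == separatorWrapped(chainId);
    }

    // EIP-712 signing digest: keccak256("\x19\x01" || domainSeparator || structHash).
    function digest(bytes32 structHash, uint256 chainId) public view returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", separator(chainId), structHash));
    }

    // Chain binding: a signature made over the digest for signedChainId can
    // only verify here if that digest equals the one built with block.chainid.
    function acceptedOnThisChain(bytes32 structHash, uint256 signedChainId)
        external view returns (bool)
    {
        return digest(structHash, signedChainId) == digest(structHash, block.chainid);
    }
}
```

Calling `encodingsMatch` with any chain ID and `acceptedOnThisChain` with a chain ID other than the test chain's lets a reviewer see which of the two properties the type of the argument actually affects.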

Tools Used

Manual Review

Recommendations

Modify the contract to use chainId directly as a uint256 without wrapping it in bytes32.

function _setDomainSeperator(string memory name, string memory version) internal {
domainSeperator = keccak256(
abi.encode(
EIP712_DOMAIN_TYPEHASH,
keccak256(bytes(name)),
keccak256(bytes(version)),
address(this),
- bytes32(getChainId())
+ getChainId()
)
);
}
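
Review bot: On the `+ getChainId()` line, the swap by itself may not change `domainSeperator`: if `getChainId()` returns `uint256`, `abi.encode` emits the same 32-byte word for `bytes32(getChainId())` and for `getChainId()`. The part that decides EIP-712 conformance is `EIP712_DOMAIN_TYPEHASH`, which this hunk leaves untouched and does not show. Please include its type string in the change and confirm that it declares `uint256 chainId` in the position matching this `abi.encode` call, where the chain ID is encoded after `address(this)`.
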
Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
