Incorrect generation of `domainSeperator`
Summary
The current contract implementation improperly generates the domainSeperator by incorrectly positioning the type hash in the structure. This deviation from the EIP-712 specification affects the reliability and security of the domainSeperator, potentially causing issues in signature verification and domain separation.
Vulnerability Details
In EIP-712, the domainSeperator for signing structured data must be generated with a specific sequence: the type hash for EIP712Domain should be included as the last element in the structure, following all domain-specific parameters like name, version, chainId, verifyingContract, and salt. The incorrect placement of the type hash in the current contract breaks compliance with the EIP-712 specification.
The current implementation incorrectly places the type hash at a first position
Impact
As the contract's domain separator does not conform to the EIP-712 specification, signatures generated using it may fail verification in EIP-712-compliant applications. This could disrupt user operations reliant on structured data signing, causing issues in user authentication and data integrity.
Tools Used
Manual Review
Recommendations
Modify the contract to correctly generate the domainSeperator by placing the type hash for EIP712Domain as the last element in the structure, following the specific ordering defined in EIP-712.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.