Submission Details
Severity:
Domain separator is set wrongly, violates EIP712 specification
Summary
Domain separator is set wrongly, and does not follow EIP712 specs. It is missing chainId.
Vulnerability Details
This is EIP712Base._setDomainSeparator()
function _setDomainSeperator(string memory name, string memory version) internal {
domainSeperator = keccak256(
abi.encode(
EIP712_DOMAIN_TYPEHASH,
keccak256(bytes(name)),
keccak256(bytes(version)),
> address(this),
> bytes32(getChainId())
)
);
}
In EIP-712, domain separator is set as name,version,chainId,verifying contract but in this protocol it is flipped. getChainId() is used as the salt instead of the chain id, which allows for replay attacks.
Impact
EIP specs is not followed, Signature will be hashed incorrectly with potential for replay and phishing attacks.
Tools Used
Manual Review
Recommendations
Swap chainId and address(this)
function _setDomainSeperator(string memory name, string memory version) internal {
domainSeperator = keccak256(
abi.encode(
EIP712_DOMAIN_TYPEHASH,
keccak256(bytes(name)),
keccak256(bytes(version)),
+ bytes32(getChainId()),
+ address(this)
)
);
}
Also, change EIP712_DOMAIN_TYPEHASH to include chainID.
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.