Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Replay attack in case of hard fork

0xg0p1

Summary

If there is ever a hardfork domainSeperator value will become invalid. This is because the chainId parameter is computed in constructor. This means even after hard fork chainId would remain same which is incorrect and could cause possible replay attacks

Vulnerability Details

Observe the following code snippets

constructor(
string memory name,
string memory version
){
_setDomainSeperator(name, version);
}
function _setDomainSeperator(string memory name, string memory version) internal {
domainSeperator = keccak256(
abi.encode(
EIP712_DOMAIN_TYPEHASH,
keccak256(bytes(name)),
keccak256(bytes(version)),
address(this),
bytes32(getChainId())
)
);
}
function getChainId() public view returns (uint256) {
uint256 id;
assembly {
id := chainid()
}
return id;
}

  1. As we can see the chainId is derived and then hardcoded in domainSeperator

  2. This means even after hard fork, domainSeperator value will remain same and point to incorrect chainId.

Impact

Signature Replay

Tools Used

Manual Review

Recommendations

The domainSeperator variable should be recomputed everytime by placing current value of chainId.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

0xbrivan2 Lead Judge
9 months ago
0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

can't update domainSeparator in case of hard fork

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.