Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

EIP712Base Is Incompatible With Chain Fork

auditweiler

Summary

In the event of a chain fork, EIP-721 approvals cease to function correctly.

Vulnerability Details

The EIP721Base contract caches the blockchains current signalling chainId upon construction:

constructor(
string memory name,
string memory version
){
@> _setDomainSeperator(name, version);
}
function _setDomainSeperator(string memory name, string memory version) internal {
domainSeperator = keccak256(
abi.encode(
EIP712_DOMAIN_TYPEHASH,
keccak256(bytes(name)),
keccak256(bytes(version)),
address(this),
@> bytes32(getChainId())
)
);
}

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/meta-transaction/EIP712Base.sol#L21C5-L38C6

If the chainIdwere to change a due to a fork, EIP712Base would continue to validate using the previous chainId. This results in the incorrect rejection of valid signatures for the forked chainId, and dangerously, incentivises users who wish to continue using the application to dangerously sign transactions which are liable to replay attacks.

Impact

Loss of ability to validate signature approvals in the event of a chain split.

Tools Used

Manual Review

Recommendations

Use Openzeppelin's ERC-712 library.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

0xbrivan2 Lead Judge
9 months ago
0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

can't update domainSeparator in case of hard fork

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.