Vulnerability Details

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/meta-transaction/EIP712Base.sol#L21-L38

The variable domainSeperator in EIP712Base is cached in the contract storage and will not change after the contract is initialized. However, if a hard fork happens after the contract deployment, the domainSeperator would become invalid on one of the forked chains due to the block.chainid has changed.

Impact

An attacker can exploit these vulnerabilities on the forked chain, as the invalid DOMAIN_SEPARATOR can lead to incorrect processing of signed messages.

Tools Used

Manual review.

Similar issue

https://github.com/code-423n4/2021-06-realitycards-findings/issues/166#issue-923661426

Recommendations

Consider using the EIP712.sol from OpenZeppelin, which recalculates the domain separator if the current block.chainid is not the cached chain ID.