Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Lack of Initialization Function in EIP712Base Contract

Summary

The EIP712Base contract does not have an initialization function, which creates issues for contracts that inherit EIP712Base and use the proxy pattern. Without an initialization function, the domain separator cannot be correctly set up in a proxy-based deployment, as the constructor cannot be used.

Vulnerability Details

The EIP712Base contract sets the domain separator using the constructor, but for proxy-based deployments, constructors are not called in the same way, making it necessary to have an initialize function. Without this function, contracts relying on EIP712Base may fail to correctly set up the domain separator, potentially impacting the integrity of EIP-712 signatures.

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L11

Impact

Contracts inheriting EIP712Base and using proxy patterns will not have a valid domain separator, causing issues with message verification and possibly invalidating signed data. This may lead to unexpected behavior in functions relying on EIP-712 signature verification, such as meta-transactions, impacting the usability of the contract.

Tools Used

Manual review

Recommendations

Add Initialization Function: Implement an initialize function in EIP712Base to allow setting the domain separator post-deployment for proxy-based contracts.
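
A sketch of the initializer-based pattern this recommendation describes, added here as an example; it is not code from the One World repository or from the submission. The contract and function names are hypothetical, and the domain fields are assumed to be the standard EIP-712 set, since the page does not show the project's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract: an EIP-712 base whose domain separator is set by an
// initializer instead of a constructor. A constructor writes to the
// implementation's storage; a proxy delegatecalls into the implementation
// and reads its own storage, so it never sees that value.
abstract contract EIP712BaseInitializable {
    // Assumed: the standard EIP-712 domain type.
    bytes32 private constant EIP712_DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );

    bytes32 private _domainSeparator;
    bool private _eip712Initialized;

    error EIP712AlreadyInitialized();
    error EIP712NotInitialized();

    // Run once through the proxy, in the same transaction that deploys it.
    // Under delegatecall, address(this) is the proxy, which is the address
    // signers bind into the domain.
    function _initializeEIP712(string memory name, string memory version) internal {
        if (_eip712Initialized) revert EIP712AlreadyInitialized();
        _eip712Initialized = true;
        _domainSeparator = keccak256(
            abi.encode(
                EIP712_DOMAIN_TYPEHASH,
                keccak256(bytes(name)),
                keccak256(bytes(version)),
                block.chainid, // cached value; goes stale if the chain forks
                address(this)
            )
        );
    }

    // Reverts instead of returning bytes32(0) when setup was skipped, so an
    // uninitialized proxy fails closed on every signature check.
    function domainSeparator() public view returns (bytes32) {
        if (!_eip712Initialized) revert EIP712NotInitialized();
        return _domainSeparator;
    }

    // EIP-712 digest: keccak256("\x19\x01" || domainSeparator || structHash)
    function _toTypedDataHash(bytes32 structHash) internal view returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }
}
```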

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality