Project

One World

NFTDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

EIP712Base and NativeMetaTransaction's domain separator breaks in case of a hardfork.

inh3l

Summary

EIP712Base's and NativeMetaTransaction's domain separator is set in the constructor which makes signatures generated from it vulnerable to replay attacks during a hardfork. As per EIP712, calculating the domain separator using a hardcoded chainId could pose problems as a hardfork changes the chain's chain id, the domain separator will be inaccurately calculated.

Vulnerability Details

NativeMetaTransaction is EIP712Base which sets the domain seperator in the constructor.

constructor(

string memory name,

string memory version

){

_setDomainSeperator(name, version);

}

This sets the domain seperator which can no longer be changed.

function _setDomainSeperator(string memory name, string memory version) internal {

domainSeperator = keccak256(

abi.encode(

EIP712_DOMAIN_TYPEHASH,

keccak256(bytes(name)),

keccak256(bytes(version)),

address(this),

bytes32(getChainId())

)

);

}

The cached domainSeperator is then used to derive the message hash in the toTypedMessageHash function.

function toTypedMessageHash(bytes32 messageHash)

internal

view

returns (bytes32)

{

return

keccak256(

abi.encodePacked("\x19\x01", getDomainSeperator(), messageHash)

);

}

This will have an effect on signature verification as it can be replayed to execute meta transactions.

function verify(

address signer,

MetaTransaction memory metaTx,

bytes32 sigR,

bytes32 sigS,

uint8 sigV

) internal view returns (bool) {

require(signer != address(0), "NativeMetaTransaction: INVALID_SIGNER");

return

signer ==

ecrecover(

toTypedMessageHash(hashMetaTransaction(metaTx)),

sigV,

sigR,

sigS

);

}

Impact

In case of a hardfork, signatures are vulnerable to replays.

Tools Used

Manual Review

Recommendations

Calculate the domain separator everytime its needed rather than using the cached domainSeperator parameter.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

0xbrivan2 Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

can't update domainSeparator in case of hard fork

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.