The EIP712Base logic is susceptible to signature replay attacks following a hard fork of the blockchain. This vulnerability arises from the way the domainSeperator is computed and stored.
The domainSeperator is computed from the chain ID, which getChainId() reads once at deployment. The resulting hash is written to storage in the constructor and is never recomputed for the lifetime of the contract, so it keeps embedding the deployment-time chain ID regardless of the chain the contract is later executing on.
After a hard fork, one of the resulting chains adopts a new chain ID (that is exactly what EIP-155 chain IDs exist to distinguish), but the stored domainSeperator on both chains still embeds the original chain ID. Because the contract exists at the same address with the same stored state on both sides of the split, a message signed for one chain hashes to the same EIP-712 digest on the other, and the signature verifies on both.
An attacker can therefore collect signatures that were submitted on the original chain (meta-transactions, permits, or any other signed intent) and resubmit them on the forked chain, or vice versa. The validation logic compares the recovered signer against a digest derived from the cached domainSeperator, and never consults the live chain ID, so it cannot tell the two chains apart and accepts the replayed signature. The effect is that actions, transfers, or approvals a user authorized on one chain are executed on a chain they never intended to act on.
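The following is an added illustration, not code from the audited EIP712Base contract: a minimal version of the cached-separator pattern described above placed beside a fork-safe variant that rebuilds the separator whenever block.chainid no longer matches the chain ID it was cached with. Contract and function names (CachedSeparator, ForkSafeSeparator, hashTypedData, recoverSigner) and the exact EIP712Domain type strings are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the project's code). Vulnerable pattern: the separator
// is computed once in the constructor and cached forever, so after a fork it
// still embeds the pre-fork chain ID on both resulting chains.
contract CachedSeparator {
    // Assumed domain layout: chain ID carried in the salt field.
    bytes32 internal constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,address verifyingContract,bytes32 salt)"
    );
    bytes32 public immutable domainSeperator;

    constructor(string memory name, string memory version) {
        domainSeperator = keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes(name)),
            keccak256(bytes(version)),
            address(this),
            bytes32(block.chainid)   // frozen at deployment time
        ));
    }

    function hashTypedData(bytes32 structHash) public view returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", domainSeperator, structHash));
    }
}

// Hardened pattern: cache the separator together with the chain ID it was
// built for, and rebuild it on any chain whose ID differs. A signature made
// on the other side of a fork then hashes to a different digest here.
contract ForkSafeSeparator {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    bytes32 private immutable _hashedName;
    bytes32 private immutable _hashedVersion;
    bytes32 private immutable _cachedSeparator;
    uint256 private immutable _cachedChainId;

    constructor(string memory name, string memory version) {
        _hashedName = keccak256(bytes(name));
        _hashedVersion = keccak256(bytes(version));
        _cachedChainId = block.chainid;
        _cachedSeparator = _buildSeparator(block.chainid);
    }

    function domainSeparator() public view returns (bytes32) {
        // Cache hit only while the chain ID is unchanged; after a fork that
        // assigns a new ID, the separator is recomputed with the live value.
        if (block.chainid == _cachedChainId) {
            return _cachedSeparator;
        }
        return _buildSeparator(block.chainid);
    }

    function hashTypedData(bytes32 structHash) public view returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }

    // Recovers the signer of an EIP-712 digest, rejecting high-s signatures
    // so a replayed signature cannot be made to look "new" by malleation.
    function recoverSigner(
        bytes32 structHash, uint8 v, bytes32 r, bytes32 s
    ) public view returns (address) {
        require(
            uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
            "invalid s"
        );
        require(v == 27 || v == 28, "invalid v");
        address signer = ecrecover(hashTypedData(structHash), v, r, s);
        require(signer != address(0), "invalid signature");
        return signer;
    }

    function _buildSeparator(uint256 chainId) private view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH, _hashedName, _hashedVersion, chainId, address(this)
        ));
    }
}
```

To see the difference, deploy both contracts on a local node, take a signature over any struct hash, then restart the node with a different chain ID at the same addresses: CachedSeparator.hashTypedData returns the same digest and recovers the same signer on both chain IDs, while ForkSafeSeparator.hashTypedData returns a different digest on the second chain ID, so the recovered address no longer matches the original signer.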
Following a chain split, every signature already used on one chain becomes replayable on the other, so user-authorized actions can be executed on a chain the signer never consented to.
Manual Review
Consider using OpenZeppelin's [EIP712](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v5.0.2/contracts/utils/cryptography/EIP712.sol), which caches the domain separator alongside the chain ID and contract address it was built with and recomputes it whenever block.chainid (or address(this)) differs from the cached values. If the existing EIP712Base must be kept, apply the same fix there: store the chain ID next to the separator and rebuild the separator from getChainId() whenever the stored chain ID no longer matches.