Centrifuge - 0xRobsol's results

The institutional ecosystem for on-chain credit.

General Information

Platform: Code4rena

Start Date: 08/09/2023

Pot Size: $70,000 USDC

Total HM: 8

Participants: 84

Period: 6 days

Judge: gzeon

Total Solo HM: 2

Id: 285

League: ETH

Researcher Performance

Rank: 39/84

Findings: 1

Award: $132.86

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

132.8565 USDC - $132.86

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
duplicate-146

External Links

Lines of code

https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/token/ERC20.sol#L71

Vulnerability details

The _calculateDomainSeparator function generates the EIP-712 domain separator using the contract's name and version. However, there is no explicit guarantee that the name has been set before calling this function, leading to an unreliable domain separator.

Impact

The domain separator is a fundamental component in verifying the source and integrity of off-chain signed messages in the EIP-712 standard. If the domain separator is not consistently and correctly generated, it could result in:

Users signing messages that they didn't intend to, because the domain they thought they were interacting with is different.

A loss of trust in the protocol's message verification system.

Potential vulnerabilities where malicious actors could exploit the inconsistency to impersonate the contract or deceive users.

Proof of Concept

Consider a situation where Alice wants to sign a message to prove her actions off-chain for this contract. Alice fetches the domain separator to sign her message.

If the name hasn't been set before she calls _calculateDomainSeparator, she might sign a message with a domain that doesn't represent the intended contract. This could be problematic in scenarios where Bob, another user, uses the signed message to interact with the contract.

Without a correct domain separator, Alice's intent is misrepresented. Anyone using her signature might end up making decisions based on incorrect information.

Tools Used

Add a modifier or check to ensure that name is set before the _calculateDomainSeparator function can be called.

Assessed type

Access Control
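
One way to implement the check suggested in the finding (revert unless name is set before the domain separator is computed), as an added Solidity example that is not part of the original submission and is not Centrifuge's ERC20.sol. The contract name GuardedDomain, the owner variable, setName, the NameNotSet and NotOwner errors and the version value "1" are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration, not Centrifuge's ERC20.sol. Every identifier except
// _calculateDomainSeparator is hypothetical; the version value is constructed.
contract GuardedDomain {
    string public name;
    string public constant version = "1";
    address public immutable owner;

    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );

    error NameNotSet();
    error NotOwner();

    constructor() {
        owner = msg.sender;
    }

    // The name is assigned after deployment, so it can still be empty
    // when a caller first asks for the separator.
    function setName(string calldata newName) external {
        if (msg.sender != owner) revert NotOwner();
        name = newName;
    }

    // Reverts instead of returning a separator derived from an empty name.
    function _calculateDomainSeparator() private view returns (bytes32) {
        if (bytes(name).length == 0) revert NameNotSet();
        return keccak256(
            abi.encode(
                DOMAIN_TYPEHASH,
                keccak256(bytes(name)),
                keccak256(bytes(version)),
                block.chainid,
                address(this)
            )
        );
    }

    // Computed on every call, so the value always reflects the current name.
    function DOMAIN_SEPARATOR() external view returns (bytes32) {
        return _calculateDomainSeparator();
    }
}
```

Because the separator is recomputed per call rather than cached, a later change to name changes the separator too, and signatures made over the earlier value no longer verify.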

#0 - c4-pre-sort

2023-09-16T01:33:53Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2023-09-16T01:34:04Z

raymondfam marked the issue as duplicate of #146

#2 - c4-judge

2023-09-26T18:07:11Z

gzeon-c4 marked the issue as satisfactory
