Platform: Code4rena
Start Date: 08/01/2024
Pot Size: $83,600 USDC
Total HM: 23
Participants: 116
Period: 10 days
Judge: 0xean
Total Solo HM: 1
Id: 317
League: ETH
Rank: 115/116
Findings: 1
Award: $1.80
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: BI_security
Also found by: 0xPsuedoPandit, 0xpiken, ABAIKUNANBAEV, Beepidibop, CipherSleuths, EV_om, Giorgio, Hajime, J4X, KingNFT, KupiaSec, NentoR, SBSecurity, SpicyMeatball, Tendency, Ward, ZdravkoHr, boringslav, deepplus, hals, hash, haxatron, jasonxiale, juancito, pkqs90, plasmablocks, ravikiranweb3, rokinot, rvierdiiev, trachev, zaevlad, zzebra83
1.8029 USDC - $1.80
The calculation of the digest done in does not follow the EIP-712 specification. Not following the EIP specification will end up in unexpected integration failures with EIP712-compliant wallets or tooling that perform the encoding in the appropriate way.
In _recoverSignerFromPayload(), the digest is calculated as follows:
bytes32 digest = _DOMAIN_SEPARATOR.toTypedDataHash(payloadHash);
Comment on the calculation: "Derive original EIP-712 digest using domain separator and order hash."
This toTypedDataHash() does not follow OpenZeppelin's ECDSA toTypedDataHash(), which _hashTypedDataV4() uses to calculate the digest in OpenZeppelin's EIP712 implementation.
Manual
_hashTypedDataV4() is the correct option to calculate the digest.
Use OpenZeppelin's EIP712 implementation.
Other
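An added example, not code from the audited project or from the finding itself: a minimal verifier that builds the digest through OpenZeppelin's EIP712 _hashTypedDataV4(), as the recommendation above suggests. The contract name, the Payload struct and its fields, and the domain name and version are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

/// Hypothetical verifier: the struct, its fields and all names are assumptions.
contract PayloadVerifier is EIP712 {
    struct Payload {
        address account;
        uint256 nonce;
        bytes data;
    }

    // Hash of the exact type string that a wallet displays and encodes.
    // Member names, types and order must match the struct one to one.
    bytes32 private constant PAYLOAD_TYPEHASH =
        keccak256("Payload(address account,uint256 nonce,bytes data)");

    // Domain name and version are placeholders; chainId and verifyingContract
    // are filled in by OpenZeppelin's EIP712 base contract.
    constructor() EIP712("PayloadVerifier", "1") {}

    /// hashStruct(p) = keccak256(typeHash || encodeData(p)).
    /// A dynamic `bytes` member is encoded as its keccak256 hash, never raw.
    function hashPayload(Payload calldata p) public pure returns (bytes32) {
        return keccak256(
            abi.encode(PAYLOAD_TYPEHASH, p.account, p.nonce, keccak256(p.data))
        );
    }

    /// digest = keccak256("\x19\x01" || domainSeparator || hashStruct(p)),
    /// computed by OpenZeppelin's _hashTypedDataV4().
    function digestOf(Payload calldata p) public view returns (bytes32) {
        return _hashTypedDataV4(hashPayload(p));
    }

    /// Returns the address that signed the typed-data digest of `p`.
    /// ECDSA.recover reverts on malformed or malleable signatures.
    function recoverSigner(Payload calldata p, bytes calldata signature)
        external
        view
        returns (address)
    {
        return ECDSA.recover(digestOf(p), signature);
    }
}
```

A wallet signing the same Payload through eth_signTypedData_v4 with the matching domain produces a signature that recoverSigner() resolves to the signing account; any difference in the type string, field order or dynamic-field hashing yields a different digest and a different recovered address.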
#0 - c4-pre-sort
2024-01-21T17:51:12Z
141345 marked the issue as duplicate of #239
#1 - c4-judge
2024-01-28T21:05:55Z
0xean marked the issue as satisfactory