Handle
s1m0
Vulnerability details
Impact
The chainId used for the EIP-712 signature is hardcoded in the code. In the event of a hard fork, the contract would exist on both chains, which makes signature replay possible between them.
Recommended Mitigation Steps
The most efficient mitigation is to use a cachedDomainSeparator, so the separator is not recomputed on every call, and only check the current block.chainid against a cachedChainId. You can follow OpenZeppelin's implementation.
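A sketch of the cached-separator pattern described above, as an added example (not the audited project's code and not copied from OpenZeppelin). The contract name, the `Example`/`1` name and version strings, and the function names are placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration: all names and the name/version strings are hypothetical.
abstract contract CachedDomainSeparator {
    bytes32 private constant TYPE_HASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    bytes32 private constant NAME_HASH = keccak256("Example"); // placeholder name
    bytes32 private constant VERSION_HASH = keccak256("1");    // placeholder version

    // Captured once at deployment; immutables cost no storage read later.
    uint256 private immutable cachedChainId;
    address private immutable cachedThis;
    bytes32 private immutable cachedDomainSeparator;

    constructor() {
        cachedChainId = block.chainid;
        cachedThis = address(this);
        cachedDomainSeparator = _buildDomainSeparator();
    }

    // Fast path: same chain (and same contract address) as at deployment.
    // Slow path: after a fork the chain id differs, so the separator is
    // rebuilt and signatures made for the other chain no longer verify.
    function domainSeparator() public view returns (bytes32) {
        if (address(this) == cachedThis && block.chainid == cachedChainId) {
            return cachedDomainSeparator;
        }
        return _buildDomainSeparator();
    }

    // Always derives the chain id from the execution context, never a literal.
    function _buildDomainSeparator() private view returns (bytes32) {
        return keccak256(
            abi.encode(TYPE_HASH, NAME_HASH, VERSION_HASH, block.chainid, address(this))
        );
    }

    // EIP-712 digest to pass to ecrecover for a given struct hash.
    function _hashTypedData(bytes32 structHash) internal view returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }
}
```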