The chainId information included in the EIP712_DOMAIN of Tracer is hard-coded and could not change after the contract is deployed. However, if a hard fork happens afterward, the domainSeperator would become invalid on one of the forked chains due to the change of chain ID. Besides, the chain ID of the Ethereum Mainnet should be 1 instead of 1337.
Get the current chain ID from block.chainid. Consider using the implementation from OpenZeppelin, which recalculates the domain separator after a hard fork happens.
raymogg
commented
3 years ago
Handle
shw
Vulnerability details
Impact
The
chainIdinformation included in theEIP712_DOMAINofTraceris hard-coded and could not change after the contract is deployed. However, if a hard fork happens afterward, thedomainSeperatorwould become invalid on one of the forked chains due to the change of chain ID. Besides, the chain ID of the Ethereum Mainnet should be 1 instead of 1337.Proof of Concept
Referenced code: Trader.sol#L28 Trader.sol#L42-L50
Recommended Mitigation Steps
Get the current chain ID from
block.chainid. Consider using the implementation from OpenZeppelin, which recalculates the domain separator after a hard fork happens.