Handle
shw
Vulnerability details
Impact
The chainId information included in the EIP712_DOMAIN of Tracer is hard-coded and cannot change after the contract is deployed. However, if a hard fork happens afterward, the domainSeperator would become invalid on one of the forked chains due to the change of chain ID. Besides, the chain ID of the Ethereum Mainnet should be 1 instead of 1337.
Proof of Concept
Referenced code: Trader.sol#L28 Trader.sol#L42-L50
Recommended Mitigation Steps
Get the current chain ID from block.chainid. Consider using the implementation from OpenZeppelin, which recalculates the domain separator after a hard fork happens.