Open code423n4 opened 2 years ago
defsec
The 'DOMAIN_SEPARATOR' is not recalculated in the case of a hard fork. The variable DOMAIN_SEPARATOR in contract UniswapV2ERC20 (https://github.com/code-423n4/2021-11-vader/blob/607d2b9e253d59c782e921bfc2951184d3f65825/contracts/external/UniswapV2ERC20.sol#L26) is cached in the contract storage and will not change after being initialized. However, if a hard fork happens after the contract deployment, the domain would become invalid on one of the forked chains due to the block.chainid has changed.
A similar issue was reported in a previous contest and was assigned a severity of low: code-423n4/2021-06-realitycards-findings#166
Code Review
As an solution that you may consider applying is from Sushi Trident: https://github.com/sushiswap/trident/blob/concentrated/contracts/pool/concentrated/TridentNFT.sol#L47-L62
This finding relates to a test file.
Handle
defsec
Vulnerability details
Impact
The 'DOMAIN_SEPARATOR' is not recalculated in the case of a hard fork. The variable DOMAIN_SEPARATOR in contract UniswapV2ERC20 (https://github.com/code-423n4/2021-11-vader/blob/607d2b9e253d59c782e921bfc2951184d3f65825/contracts/external/UniswapV2ERC20.sol#L26) is cached in the contract storage and will not change after being initialized. However, if a hard fork happens after the contract deployment, the domain would become invalid on one of the forked chains due to the block.chainid has changed.
A similar issue was reported in a previous contest and was assigned a severity of low: code-423n4/2021-06-realitycards-findings#166
Tools Used
Code Review
Recommended Mitigation Steps
As an solution that you may consider applying is from Sushi Trident: https://github.com/sushiswap/trident/blob/concentrated/contracts/pool/concentrated/TridentNFT.sol#L47-L62