search

code-423n4 / 2023-01-biconomy-findings

7 stars 9 forks source link

THE DOMAINSEPERATOR CANNOT BE RECALCULATED AFTER A HARD FORK HAPPENS #473

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L42

Vulnerability details

Impact

The variable DOMAIN_SEPARATOR_TYPEHASH in SmartAccount.sol is cached in the contract storage and will not change after the contract is initialized. However, if a hard fork happens after the contract deployment, it would become invalid on one of the forked chains due to the block.chainid has changed.

File: SmartAccount.sol

42:       bytes32 internal constant DOMAIN_SEPARATOR_TYPEHASH = 0x47e79534a245952e8b16893a336b85a3d9ea9fa8c573f3d803afb92a79469218;

Link to Code

Recommended Mitigation Steps

Recommend consider using this implementation, which recalculates the domain separator if the current block.chainid is not the cached chain ID.

c4-judge commented 1 year ago

gzeon-c4 marked the issue as unsatisfactory: Out of scope