Closed c4-bot-3 closed 10 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #6
raymondfam marked the issue as duplicate of #354
raymondfam marked the issue as duplicate of #267
MarioPoneder marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L419-L444
Vulnerability details
Impact
A function that uses a signature does not include chainId in domainSeparator and can be replayed on Base and Optimism. According to the readme, the protocol will be deployed to these chains in the future.
Proof of Concept
In the function above, chainId is not included, although in a contract that is out of scope, chainId is included in domainSeparator.
Not included:
Included:
Tools Used
vscode
Recommended Mitigation Steps
Include chainId in domainSeparator.
Assessed type
Other
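For reference, a sketch of the mitigation named in the report: an EIP-712 domain separator that binds signatures to block.chainid and the verifying contract, and is rebuilt if the chain id changes after deployment. This is an added example, not code from the report or from the Revolution Protocol repository; the contract name, the Vote struct fields and the function names are assumptions, and the contract is written as a plain non-proxied deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration; all names are assumptions, not taken from CultureIndex.sol.
contract ChainBoundVotes {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    bytes32 private constant VOTE_TYPEHASH = keccak256(
        "Vote(address from,uint256 pieceId,uint256 nonce,uint256 deadline)"
    );

    uint256 private immutable cachedChainId;
    bytes32 private immutable cachedSeparator;
    mapping(address => uint256) public nonces;

    constructor() {
        cachedChainId = block.chainid;
        cachedSeparator = _buildSeparator();
    }

    // chainId and address(this) are part of the hash, so a signature made for
    // one chain or one deployment yields a different digest everywhere else.
    function _buildSeparator() private view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes("ChainBoundVotes")),
            keccak256(bytes("1")),
            block.chainid,
            address(this)
        ));
    }

    // Use the cached value on the deployment chain; recompute after a fork
    // so signatures from the original chain stop verifying on the new one.
    function domainSeparator() public view returns (bytes32) {
        return block.chainid == cachedChainId ? cachedSeparator : _buildSeparator();
    }

    function verifyVote(address from, uint256 pieceId, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
        external returns (bool)
    {
        require(block.timestamp <= deadline, "expired");
        // The per-signer nonce is consumed here, which blocks same-chain replay.
        bytes32 structHash = keccak256(abi.encode(VOTE_TYPEHASH, from, pieceId, nonces[from]++, deadline));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == from, "bad signature");
        return true;
    }
}
```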