Closed c4-bot-3 closed 2 months ago
Report of sufficient quality
3docSec marked the issue as satisfactory
3docSec marked the issue as selected for report
function testDummy() external {
bool a = false;
assertEq(abi.encode(a), abi.encode(uint256(0)));
a = true;
assertEq(abi.encode(a), abi.encode(uint256(1)));
}
using test above works with pragma abicoder v2;
either. It's seems not a bug
3docSec marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-06-krystal-defi/blob/f65b381b258290653fa638019a5a134c4ef90ba8/src/StructHash.sol#L202
Vulnerability details
Impact
Invalid signatures
Proof of Concept
StructHash
contract prepares the user signatures in the structure of Krystal functions. One of them is hashingRebalanceConfig
struct.For Line: 202, since the param is a
boolean
, to ensure compliance with EIP-712, thebool
should be explicitly casted to auint256
when encoding it.Below is quoted from the EIP page:
Tools Used
Manual Review
Recommended Mitigation Steps
Assessed type
Other