BohdanHrytsak
commented
4 months ago Thank you for the submission.
This issue is inherited from Thena and is independent of the changes we made, which makes it OOS.
(Possibly to be revised)
Open hats-bug-reporter[bot] opened 4 months ago
BohdanHrytsak
commented
4 months ago Thank you for the submission.
This issue is inherited from Thena and is independent of the changes we made, which makes it OOS.
(Possibly to be revised)
rotcivegaf
commented
4 months ago Will it be revised?
BohdanHrytsak
commented
4 months ago Since it is inherited from Thena/Chronos, and does not have critical consequences, but only to incorrectness in the construction of signatures, it remains outside the scope due to insufficient impact to be recognized in the scope
Github username: @Rotcivegaf Twitter username: rotcivegaf Submission hash (on-chain): 0x778dc107b91369f0e44e5fbd99b51edb2d9d32d27731be2f41e4e609d6f6dbd7 Severity: medium
Description: Lines:
Description:
In the build of the
DOMAIN TYPEHASHthestring versionis forgotten, but thedelegateBySigfunction, build thedomainSeparatorwith thekeccak256(bytes(version))This broke the EIP 712, and the
delegateBySigfunctionAttack Scenario:
Some contract or dapp/backend could building the
DOMAIN_TYPEHASHwith "right" struct(include theversion) and try to use thedelegateBySigfunction but this function will revert in the with the message"VotingEscrow::delegateBySig: invalid signature"because the expectDOMAIN_TYPEHASHin theVotingEscrow.solcontract was built with the "wrong" structRecommended Mitigation Steps:
Acording the EIP 712, in the Definition of domainSeparator:
string versionthe current major version of the signing domain. Signatures from different versions are not compatible"Add
string version, to theEIP712Domainstring: