Open hats-bug-reporter[bot] opened 4 months ago
Thank you for the submission.
This issue is inherited from Thena and is independent of the changes we made, which makes it OOS.
(Possibly to be revised)
Will it be revised?
Since it is inherited from Thena/Chronos, and does not have critical consequences, but only to incorrectness in the construction of signatures, it remains outside the scope due to insufficient impact to be recognized in the scope
Github username: @Rotcivegaf Twitter username: rotcivegaf Submission hash (on-chain): 0x778dc107b91369f0e44e5fbd99b51edb2d9d32d27731be2f41e4e609d6f6dbd7 Severity: medium
Description: Lines:
Description:
In the build of the
DOMAIN TYPEHASH
thestring version
is forgotten, but thedelegateBySig
function, build thedomainSeparator
with thekeccak256(bytes(version))
This broke the EIP 712, and the
delegateBySig
functionAttack Scenario:
Some contract or dapp/backend could building the
DOMAIN_TYPEHASH
with "right" struct(include theversion
) and try to use thedelegateBySig
function but this function will revert in the with the message"VotingEscrow::delegateBySig: invalid signature"
because the expectDOMAIN_TYPEHASH
in theVotingEscrow.sol
contract was built with the "wrong" structRecommended Mitigation Steps:
Acording the EIP 712, in the Definition of domainSeparator:
string version
the current major version of the signing domain. Signatures from different versions are not compatible"Add
string version
, to theEIP712Domain
string: