Open hats-bug-reporter[bot] opened 1 week ago
Github username: @SB-Security
Twitter username: SBSecurity_
Submission hash (on-chain): 0x8aa19e4a23c9709801c91aaf4d7c18cda3d40b65fd01739a316276c304165842
Severity: medium
Description:
`createDigestExecTx()` does not hash `execTransaction` correctly.

Attack Scenario:
As per EIP-712, when a hash is computed, dynamic types like `bytes` should be encoded differently.

> "The dynamic values bytes and string are encoded as a keccak256 hash of their contents."

Attachments:
You can read more here - https://eips.ethereum.org/EIPS/eip-712#definition-of-encodedata

`createDigestExecTx()` should encode the `data` and `signatures` params when computing the hash.
```solidity
function createDigestExecTx(
    bytes32 domainSeparatorSafe,
    Transaction memory safeTx
) public view returns (bytes32) {
    bytes32 digest = _hashTypedDataV4(
        domainSeparatorSafe,
        keccak256(
            abi.encode(
                keccak256(
                    "execTransaction(address to,uint256 value,bytes data,Enum.Operation operation,uint256 safeTxGas,uint256 baseGas,uint256 gasPrice,address gasToken,address refundReceiver,bytes signatures)"
                ),
                safeTx.to,
                safeTx.value,
                safeTx.data,
                safeTx.operation,
                safeTx.safeTxGas,
                safeTx.baseGas,
                safeTx.gasPrice,
                safeTx.gasToken,
                safeTx.refundReceiver,
                safeTx.signatures
            )
        )
    );
    return digest;
}
```
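The encoding difference the report describes, as an added example that is not part of the original report or the project's code: the same struct hashed with raw `bytes` members and with each `bytes` member replaced by its keccak256 hash, following the EIP-712 rule quoted above. The contract name, struct, function names and the `uint8` stand-in for `Enum.Operation` are assumptions; the type string is copied unchanged from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the project's contract. Names here are hypothetical.
contract ExecTxStructHash {
    // Mirrors the fields in the report; uint8 stands in for Enum.Operation (assumption).
    struct ExecTx {
        address to; uint256 value; bytes data; uint8 operation;
        uint256 safeTxGas; uint256 baseGas; uint256 gasPrice;
        address gasToken; address refundReceiver; bytes signatures;
    }

    // Type string copied unchanged from the report.
    bytes32 internal constant EXEC_TX_TYPEHASH = keccak256(
        "execTransaction(address to,uint256 value,bytes data,Enum.Operation operation,uint256 safeTxGas,uint256 baseGas,uint256 gasPrice,address gasToken,address refundReceiver,bytes signatures)"
    );

    // Encoding as in the report: raw bytes members go straight into abi.encode,
    // which emits an offset, a length and the padded contents for each of them.
    function structHashRaw(ExecTx memory t) public pure returns (bytes32) {
        return keccak256(abi.encode(
            EXEC_TX_TYPEHASH, t.to, t.value, t.data, t.operation,
            t.safeTxGas, t.baseGas, t.gasPrice, t.gasToken,
            t.refundReceiver, t.signatures
        ));
    }

    // EIP-712 encodeData: every member occupies one 32-byte word, so each
    // bytes member is replaced by keccak256 of its contents.
    function structHashEip712(ExecTx memory t) public pure returns (bytes32) {
        return keccak256(abi.encode(
            EXEC_TX_TYPEHASH, t.to, t.value, keccak256(t.data), t.operation,
            t.safeTxGas, t.baseGas, t.gasPrice, t.gasToken,
            t.refundReceiver, keccak256(t.signatures)
        ));
    }

    // Signing digest per EIP-712: keccak256(0x19 0x01 || domainSeparator || structHash).
    function digest(bytes32 domainSeparator, ExecTx memory t) external pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHashEip712(t)));
    }
}
```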
duplicate of #6
Invalid, as mentioned in #6