Open hats-bug-reporter[bot] opened 2 weeks ago
The version serves to make signatures between different versions incompatible. Here the desired behaviour is the opposite (vouches of v1 should still be valid for v2).
As per EIP-712, protocol designers only need to include the fields that make sense for their signing domain. Unused fields are left out of the struct type.
Here a version field doesn't make sense (vouches of v1 should still be valid), so the version field was left out of the struct type per the EIP-712 recommendation.
Github username: --
Twitter username: --
Submission hash (on-chain): 0xd72df861654411b69ab064b7335ea688c5f3bc8aeee0be19d9b82a403a35cf63
Severity: low
Description:
TypeHash of the domainSeparator is missing version, which violates EIP-712 - https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator
This is also the way it is implemented in OZ contracts - https://github.com/OpenZeppelin/openzeppelin-contracts/blob/1edc2ae004974ebf053f4eba26b45469937b9381/contracts/utils/cryptography/EIP712.sol#L89
Attack Scenario:
Describe how the vulnerability can be exploited.
Attachments
Revised Code File (Optional)
Add version to the TypeHash and the hash itself.