search

sherlock-audit / 2023-06-dinari-judging

5 stars 4 forks source link

Tri-pathi - `ORDERREQUEST_TYPE_HASH` is calculated incorrectly #124

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

Tri-pathi

high

ORDERREQUEST_TYPE_HASH is calculated incorrectly

Summary

since 

bytes32 private constant ORDERREQUEST_TYPE_HASH = keccak256(
        "OrderRequest(bytes32 salt,address recipient,address assetToken,address paymentToken,uint256 quantityIn"
    );

the hash calculated is incorrect according to EIP-712. Expression is missing a closing parenthesis ) after uint256 quantityIn

I marked this high since in all the previous audits reports whenever Type structured data hash has been used incorrectly according to EIP-712, it was marked high

Vulnerability Detail

see Summary

Impact

Type structured Hash used for orderId is calculated incorrectly and does not follow EIP-712 , but it says that protocol does.

Code Snippet

File: sbt-contracts/src/issuer/OrderProcessor.sol

95:    bytes32 private constant ORDERREQUEST_TYPE_HASH = keccak256(
96:        "OrderRequest(bytes32 salt,address recipient,address assetToken,address paymentToken,uint256 quantityIn"
97:    );

///------///

205:    function getOrderIdFromOrderRequest(OrderRequest memory orderRequest, bytes32 salt) public pure returns (bytes32) {
206:        return keccak256(
207:            abi.encode(
208:                ORDERREQUEST_TYPE_HASH,
209:                salt,
210:                orderRequest.recipient,
211:                orderRequest.assetToken,
212:               orderRequest.paymentToken,
213:                orderRequest.quantityIn
214:            )
215:        );
216 :   }

https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/OrderProcessor.sol#L95 https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/OrderProcessor.sol#L205

Tool used

Manual Review

Recommendation

Add a closing parenthesis ) after uint256 quantityIn