sunbreak1211
commented
1 month ago This is specified in the scope: "SDAO domain separator might be out of date when the token name and/or symbol changes."...
Closed sherlock-admin4 closed 1 month ago
sunbreak1211
commented
1 month ago This is specified in the scope: "SDAO domain separator might be out of date when the token name and/or symbol changes."...
brgltd
Medium
Permit functionality breaking on token name update leading to potential loss of funds
Summary
Updating the token name for
SDAO.solcan cause the permit functionality to revert.Vulnerability Detail
SDAO.solcontains a functionfile()to update the token name or symbol. Sincepermit()uses the EIP712_DOMAIN_SEPARATORwith the token name (domain separator uses the cached value when block.id matches the block.id from the contract deployment), messages signed offchain with the new token name will not work.In essence, updating a SubDAO token name can break the permit functionality and potentially cause negative repercussions on users who are providing offhchain approvals using the new token name which will mismatch the codebase
_DOMAIN_SEPARATORthat will continue to use the old token name.Impact
It's tricky to quantity loss of funds involved with this bug. However, there are scenarios where breaking permit for SubDAO tokens can lead to loss of funds for users. DeFi is made of highly composable money legos, and specially for an extremely popular protocol like MakerDAO, there can be downwards effects from permit breaking. For example:
Funds meant to be managed or moved through permit-based mechanisms (e.g. staking, lending, vote-delegation) can become locked or inaccessible, and even result in potential penalties depending on token prices.
Yield farming strategies relying on permit failing to execute, translating into financial losses and or missed opportunities.
Users relying on permit for executing trades or arbitrage opportunities might miss critical market windows, leading to financial loss.
A contrived example can be: upon permit not working, users end up using the traditional erc20 approval, which can be expensive on ethereum mainnet during high gas prices, resulting economic loss for and decreased user inclusion for SubDAO tokens.
Furthermore, previous signatures signed with the old name that should be considered invalid will be considered valid.
Code Snippet
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/endgame-toolkit/src/SDAO.sol#L175-L176
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/endgame-toolkit/src/SDAO.sol#L116
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/endgame-toolkit/src/SDAO.sol#L129
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/endgame-toolkit/src/SDAO.sol#L383
Tool used
Manual Review
Recommendation
When updating the token name on
file(),_DOMAIN_SEPARATORshould be recalculated with the new token name.