The string used for DOMAIN_TYPEHASH is missing the version argument.
bytes32 public constant DOMAIN_TYPEHASH =
    keccak256( //@audit-issue LOW: wrong domain type hash, missing version
        "EIP712Domain(string name,uint256 chainId,address verifyingContract)"
    );
In the delegateBySig function, when the domainSeparator is crafted, the version of the contract is used, but this argument is missing in the DOMAIN_TYPEHASH.
Breezy Chrome Baboon
Low/Info
DOMAIN_TYPEHASH is wrongly implemented
Summary
DOMAIN_TYPEHASH is wrongly implemented
Vulnerability Detail
The string used for DOMAIN_TYPEHASH is missing the version argument. In the delegateBySig function, when the domainSeparator is crafted, the version of the contract is used, but this argument is missing in the DOMAIN_TYPEHASH.
Impact
It will result in a wrongly crafted message.
Code Snippet
https://github.com/sherlock-audit/2024-06-velocimeter/blob/main/v4-contracts/contracts/VotingEscrow.sol#L1259
Tool used
Manual Review
Recommendation
Add version as an argument in DOMAIN_TYPEHASH.
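The mismatch described above can be reproduced in isolation. The contract below is an added example, not code from VotingEscrow.sol: the contract name, the `name` and `version` values and all function names are assumptions chosen for illustration, and the four-member encoding follows the finding's description of delegateBySig. It computes the separator as reported, the separator with `string version` added to the type string, and the separator a signer would derive from the three-member type string alone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration; hypothetical contract, not the audited source.
contract DomainSeparatorDemo {
    string public constant name = "veNFT";    // constructed sample value
    string public constant version = "1.0.0"; // constructed sample value

    // Type string as quoted in the finding: three members, no version.
    bytes32 public constant REPORTED_TYPEHASH =
        keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)");

    // EIP-712 type string that lists every member encoded in fourMemberSeparator.
    bytes32 public constant FIXED_TYPEHASH =
        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");

    // Encodes name, version, chainId and verifyingContract under the given type hash.
    function fourMemberSeparator(bytes32 typeHash) public view returns (bytes32) {
        return keccak256(
            abi.encode(
                typeHash,
                keccak256(bytes(name)),
                keccak256(bytes(version)),
                block.chainid,
                address(this)
            )
        );
    }

    // What an EIP-712 signer derives when given only the three-member domain type.
    function threeMemberSeparator() public view returns (bytes32) {
        return keccak256(
            abi.encode(REPORTED_TYPEHASH, keccak256(bytes(name)), block.chainid, address(this))
        );
    }

    // True when the reported separator matches neither standard derivation, so a
    // signature produced over either standard domain recovers a different address.
    function reportedMatchesNoStandardDomain() external view returns (bool) {
        bytes32 reported = fourMemberSeparator(REPORTED_TYPEHASH);
        return reported != fourMemberSeparator(FIXED_TYPEHASH)
            && reported != threeMemberSeparator();
    }
}
```

Calling `reportedMatchesNoStandardDomain()` returns true; after the recommended change the contract's separator equals `fourMemberSeparator(FIXED_TYPEHASH)`, which is what a signer using the full four-member domain derives.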