sherlock-audit / 2024-06-velocimeter-judging

11 stars 7 forks source link

Breezy Chrome Baboon - DOMAIN_TYPEHASH is wrongly implemented #717

Closed sherlock-admin4 closed 4 months ago

sherlock-admin4 commented 4 months ago

Breezy Chrome Baboon

Low/Info

DOMAIN_TYPEHASH is wrongly implemented

Summary

DOMAIN_TYPEHASH is wrongly implemented

Vulnerability Detail

The string used for DOMAIN_TYPEHASH is missing the version argument.

bytes32 public constant DOMAIN_TYPEHASH =
    keccak256( //@audit-issue LOW: wrong domain type hash, missing version
        "EIP712Domain(string name,uint256 chainId,address verifyingContract)"
    );

In the delegateBySig function, when the domainSeparator is crafted, the version of the contract is used, but this argument is missing in the DOMAIN_TYPEHASH.

bytes32 domainSeparator = keccak256(
            abi.encode(
                DOMAIN_TYPEHASH,
                keccak256(bytes(name)),
                keccak256(bytes(version)),
                block.chainid,
                address(this)
            )
        );

Impact

It will result in a wrongly crafted message.

Code Snippet

https://github.com/sherlock-audit/2024-06-velocimeter/blob/main/v4-contracts/contracts/VotingEscrow.sol#L1259

Tool used

Manual Review

Recommendation

Add version as a argument in DOMAIN_TYPEHASH