search

sherlock-audit / 2024-09-predict-fun-judging

6 stars 4 forks source link

valuevalk - The Protocol is not strictly compliant with EIP721 #231

Open sherlock-admin2 opened 1 month ago

sherlock-admin2 commented 1 month ago

valuevalk

Medium

The Protocol is not strictly compliant with EIP721

Summary

As mentioned in the readme, the protocol should be stricty compliant with EIP721 - reference here

Vulnerability Detail

hashProposal() function is not correctly mapping the data types of the fields in the hash, used for the Proposal.

Check out: EIP reference 

    struct Proposal {
        address from;
        uint256 loanAmount;
        uint256 collateralAmount;
        QuestionType questionType;
@>>     bytes32 questionId;
        bool outcome;
        uint256 interestRatePerSecond;
        uint256 duration;
        uint256 validUntil;
        uint256 salt;
        uint256 nonce;
        ProposalType proposalType;
        bytes signature;
        uint256 protocolFeeBasisPoints;
    }

questionId is bytes32 but in the encoded hash string it is uint256 reference

    function hashProposal(Proposal calldata proposal) public view returns (bytes32 digest) {
        digest = _hashTypedDataV4(
            keccak256(
                abi.encode(
                    keccak256(
                        "Proposal(address from,uint256 loanAmount,uint256 collateralAmount,uint8 questionType,
@>>                     uint256 questionId,
                        bool outcome,uint256 interestRatePerSecond,uint256 duration,uint256 validUntil,uint256 salt,uint256 nonce,uint8 proposalType,uint256 protocolFeeBasisPoints)"
                    ),
                    proposal.from,
                    proposal.loanAmount,
                    proposal.collateralAmount,
                    proposal.questionType,
@>>                 proposal.questionId,
                    proposal.outcome,
                    proposal.interestRatePerSecond,
                    proposal.duration,
                    proposal.validUntil,
                    proposal.salt,
                    proposal.nonce,
                    proposal.proposalType,
                    proposal.protocolFeeBasisPoints
                )
            )
        );
    }

Impact

Non-compliance with the standard. Wrong data types might also lead to problems with signatures, but the main concern is not being compliant.

Tool used

Manual Review

Recommendation

Ensure that questionId has the same type in the hash and in the struct