The PredictDoLoan contract is not fully compliant with EIP-1271.
Summary
The PredictDotLoan contract is not fully compliant with EIP-1271.
Root Cause
The _assertValidSignature function checks !SignatureChecker.isValidSignatureNow(...) implies that isValidSignatureNow should return a boolean value indicating whether the signature is valid. If it returns false, it reverts with InvalidSignature. However, this is different from the ERC-1271 specification, which requires returning a specific magic value rather than a boolean.
Internal pre-conditions
No response
External pre-conditions
It relies on a boolean return instead of checking for the ERC-1271 magic value (0x1626ba7e).
You can visit the official website of EIP-1271 standard here..
Attack Path
No response
Impact
Since the protocol is expected to be fully compliant with EIP-1271 mentioned in readme.
The contract is expected to strictly comply with EIP-712 and EIP-1271.
Flare
Medium
The
PredictDoLoancontract is not fully compliant with EIP-1271.Summary
The
PredictDotLoancontract is not fully compliant with EIP-1271.Root Cause
The
_assertValidSignaturefunction checks!SignatureChecker.isValidSignatureNow(...)implies that isValidSignatureNow should return a boolean value indicating whether the signature is valid. If it returns false, it reverts with InvalidSignature. However, this is different from the ERC-1271 specification, which requires returning a specific magic value rather than a boolean.Internal pre-conditions
No response
External pre-conditions
It relies on a boolean return instead of checking for the ERC-1271 magic value (0x1626ba7e). You can visit the official website of EIP-1271 standard here..
Attack Path
No response
Impact
Since the protocol is expected to be fully compliant with EIP-1271 mentioned in readme.
PoC
https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L1395C4-L1399C6
Mitigation
Consider making changes as stated above in EIP-1271 standard official website.