Skip to content

Latest commit

 

History

History
72 lines (48 loc) · 2.7 KB

014.md

File metadata and controls

72 lines (48 loc) · 2.7 KB
Raw

Crazy Chocolate Lobster

Medium

ChainId is hardcoded in the calculation of the DOMAIN_SEPARATOR within the constructor, which can enable replay attacks in case of a hard fork.

Summary

In both VVVVCInvestmentLedger.sol and VVVVCTokenDistributor.sol, the chainId used to calculate the DOMAIN_SEPARATOR for EIP712 is set in the constructor, making it hardcoded. This poses a risk in the event of a hard fork, as the DOMAIN_SEPARATOR value would become invalid. If the chainId remains the same after a hard fork, it could lead to incorrect behavior and potential replay attacks.

Root Cause

We'll use VVVVCTokenDistributor.sol to illustrate the issue, but the same concern applies to VVVVCInvestmentLedger.sol.

The constructor is implemented as follows:

constructor(
        address _signer,
        string memory _environmentTag,
        address _authorizationRegistryAddress,
        uint256 _exchangeRateDenominator
    ) VVVAuthorizationRegistryChecker(_authorizationRegistryAddress) {
        signer = _signer;
        exchangeRateDenominator = _exchangeRateDenominator;

        // EIP-712 domain separator
        DOMAIN_SEPARATOR = keccak256(
            abi.encode(
                DOMAIN_TYPEHASH,
                keccak256(abi.encodePacked("VVV", _environmentTag)),
@>              block.chainid,
                address(this)
            )
        );
    }

  1. As we can see the chainId is derived and then hardcoded in DOMAIN_SEPARATOR.

  2. This means even after hard fork, DOMAIN_SEPARATOR value will remain same and point to incorrect chainId.

An attacker could exploit this vulnerability to perform replay attacks, such as calling claim() in both chains.

According to the protocol specifications, it will be deployed across 6 different chains, increasing the potential impact of this issue.

Eth, base, bnb, avalanche, polkadot, arbitrum

This heightens the risk that a hard fork could enable replay attacks.

Internal pre-conditions

None.

External pre-conditions

Chain hard fork.

Attack Path

  1. A chain undergoes a hard fork.
  2. An attacker exploits the fork by executing a replay attack across chains calling claim().
  3. The attacker claims rewards twice: once on the main chain and again on the forked chain.

Impact

A hard fork would enable the possibility of replay attacks.

PoC

The preceding sections demonstrated this issue.

Mitigation

To resolve this issue, the DOMAIN_SEPARATOR should be dynamically recomputed using the current chainId value each time.