Skip to content

Latest commit

 

History

History
48 lines (26 loc) · 2.7 KB

019.md

File metadata and controls

48 lines (26 loc) · 2.7 KB
Raw

Handsome Lemon Tapir

Medium

Using an immutable DOMAIN_SEPARATOR will invalidate signatures upon hardfork or possible replay attack.

Summary

Using block.chainid to calculate the immutable DOMAIN_SEPARATOR in the constructors of both VVVVCInvestmentLedger.sol and VVVVCTokenDistributor.sol will cause signatures to become invalid after a hardfork, as the chain ID value changes but the DOMAIN_SEPARATOR remains immutable.

Root Cause

In the constructors of VVVVCInvestmentLedger.sol and VVVVCTokenDistributor.sol, the DOMAIN_SEPARATOR is calculated using block.chainid and marked as immutable. This becomes problematic if a blockchain undergoes a hardfork, changing the chainid. Since the DOMAIN_SEPARATOR is immutable, it retains the old chainid, leading to invalid signatures and could cause possible replay attacks.

Internal pre-conditions

No response

External pre-conditions

A blockchain hardfork that changes the chainid occurs.

Attack Path

No response

Impact

The users cannot successfully verify signatures as the DOMAIN_SEPARATOR is incorrect due to the use of an outdated chainid. This results in the inability to execute functions relying on valid signatures, such as claim or invest, rendering portions of the contracts non-functional.

PoC

Observe the constructors:

As we can see the chainId is derived and then hardcoded in DOMAIN_SEPARATOR. so after hard fork, DOMAIN_SEPARATOR value will remain same and point to incorrect chainId

Mitigation

Instead of using an immutable DOMAIN_SEPARATOR initialized with block.chainid in the constructor, introduce a function to allow updating the DOMAIN_SEPARATOR in case of a hardfork or use a mechanism that dynamically generates the DOMAIN_SEPARATOR during signature verification.