Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The domain separator is not calculated properly #313

Closed
c4-submissions opened this issue Sep 14, 2023 · 3 comments
Closed

The domain separator is not calculated properly #313

c4-submissions opened this issue Sep 14, 2023 · 3 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-146 edited-by-warden satisfactory satisfies C4 submission criteria; eligible for awards sufficient quality report This report is of sufficient quality

Comments

@c4-submissions
Copy link
Contributor

c4-submissions commented Sep 14, 2023
edited by code4rena-admin
Loading

Lines of code

https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/token/ERC20.sol#L42-L49

Vulnerability details

Impact

The domain separator is not properly calculated in the constructor - as it does not take into calculation name - which is not yet initialized.

The similar issue had been evaluated as Medium during the previous Code4rena audits:

Moreover, please notice, that this issue is not the same as my other report: #306
The current issue is about incorrectly setting the domain separator on contract deployment. The root cause of this issue lies inside constructor(), as domain separator is being initialized before name.
While the other issue (#306) is about not updating domain separator, when name is changed. The root cause of that issue lies inside file() - whenever we call to change the name, the domain separator should be updated too.
The remediation for this issue is to update constructor(), while remediation for issue #306 is to update code inside file().

Proof of Concept

File: src/token/ERC20.sol

    constructor(uint8 decimals_) {
        decimals = decimals_;
        wards[_msgSender()] = 1;
        emit Rely(_msgSender());

        deploymentChainId = block.chainid;
        _DOMAIN_SEPARATOR = _calculateDomainSeparator(block.chainid);
    }

The constructor() calculates the domain separator, before initializing name.

Tools Used

Manual code review

Recommended Mitigation Steps

Initialize name before calculating domain separator

Assessed type

Other
@c4-submissions c4-submissions added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Sep 14, 2023
c4-submissions added a commit that referenced this issue Sep 14, 2023
@c4-submissions
lsaudit issue #313
94f8615
@code4rena-admin code4rena-admin mentioned this issue Sep 14, 2023
Closed
@c4-pre-sort c4-pre-sort added the sufficient quality report This report is of sufficient quality label Sep 15, 2023
@c4-pre-sort
Copy link

raymondfam marked the issue as sufficient quality report

@c4-pre-sort
Copy link

raymondfam marked the issue as duplicate of #146

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Sep 26, 2023
@c4-judge
Copy link

gzeon-c4 marked the issue as satisfactory

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-146 edited-by-warden satisfactory satisfies C4 submission criteria; eligible for awards sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@c4-judge @c4-pre-sort @c4-submissions @code4rena-admin