Wrong DOMAIN_SEPERATOR calculation in initialize() of BathToken because of using uninitialized name #199
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
Lines of code
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/rubiconPools/BathToken.sol#L195-L210
Vulnerability details
Impact
DOMAIN_SEPERATOR
were calculated with wrong values (name
value set after using it), so all the logics based onDOMAIN_SEPERATOR
is not going to work properly.Proof of Concept
This is where code calculates
DOMAIN_SEPERATOR
:As you can see the value of
name
has been set after using it inDOMAIN_SEPARATOR
calculation.Tools Used
VIM
Recommended Mitigation Steps
set
name
value before using itThe text was updated successfully, but these errors were encountered: