Wrong DOMAIN_SEPARATOR #38
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-05-rubicon/blob/521d50b22b41b1f52ff9a67ea68ed8012c618da9/contracts/rubiconPools/BathToken.sol#L199-L210
Vulnerability details
Impact
The `DOMAIN_SEPARATOR` is calculated incorrectly.
Proof of Concept
In the `initialize` method of the `BathToken` contract, the `name` of the contract is used to calculate the `DOMAIN_SEPARATOR`; however, said name is set later, so it will use an incorrect `name`, making it impossible to calculate the `DOMAIN_SEPARATOR` correctly.
Affected source code:
Recommended Mitigation Steps
`name` before using it.
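The ordering problem reported above, as an added example that is not part of the original report and not the BathToken source. The contract `DomainSeparatorOrder`, its function names, and the EIP-712 domain layout with version "1" are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal contract (not the BathToken code): it reproduces only
// the order of operations described in the report.
contract DomainSeparatorOrder {
    // Assumed standard EIP-712 domain type; the report does not quote it.
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );

    string public name;
    bytes32 public DOMAIN_SEPARATOR;
    bool public initialized;

    // Derives the separator from whatever `name` holds at call time.
    function _domainSeparator() internal view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes(name)),
            keccak256(bytes("1")), // assumed version string
            block.chainid,
            address(this)
        ));
    }

    // Order from the report: the separator is stored while `name` is still empty.
    function initializeWrongOrder(string memory tokenName) external {
        require(!initialized, "already initialized");
        DOMAIN_SEPARATOR = _domainSeparator(); // hashes the empty string as the name
        name = tokenName;
        initialized = true;
    }

    // Recommended order: set `name` first, then derive the separator.
    function initializeFixedOrder(string memory tokenName) external {
        require(!initialized, "already initialized");
        name = tokenName;
        DOMAIN_SEPARATOR = _domainSeparator();
        initialized = true;
    }

    // Recomputes the separator from the current public `name`, as an off-chain
    // signer would, and compares it with the stored value.
    function separatorMatchesName() external view returns (bool) {
        return DOMAIN_SEPARATOR == _domainSeparator();
    }
}
```

After `initializeWrongOrder("X")`, `separatorMatchesName()` returns false because the stored value was hashed over an empty name; after `initializeFixedOrder("X")` on a fresh deployment it returns true.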