Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xiaoming90 - EIP 712 is not implemented for the Edition contract. #282

Closed
sherlock-admin3 opened this issue Apr 26, 2024 · 10 comments
Closed

xiaoming90 - EIP 712 is not implemented for the Edition contract. #282

sherlock-admin3 opened this issue Apr 26, 2024 · 10 comments
Labels
Escalation Resolved This issue's escalations have been approved/rejected Non-Reward This issue will not receive a payout Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed

Comments

@sherlock-admin3
Copy link
Contributor

sherlock-admin3 commented Apr 26, 2024
edited by sherlock-admin2
Loading

xiaoming90

medium

EIP 712 is not implemented for the Edition contract.

Summary

EIP 712 is not implemented for the Edition contract.

Vulnerability Detail

The Contest's README stated that EIP 712 must be strictly implemented for the Edition contract. Thus, in the context of this audit contest, any non-compliance is considered a valid Medium issue. Note that the Contest's README supersedes Sherlock's judging rules per Sherlock's Hierarchy of truth.

Is the codebase expected to comply with any EIPs? Can there be/are there any deviations from the specification?

strict implementation of EIPs
1271 (Graph), 712 (Graph, Edition), 2981 (Edition), 1155 (Edition)

However, when reviewing the Edition contract, it was observed that EIP 712 is not implemented for the Edition contract. Thus, breaking the above requirement.

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L36

File: Edition.sol
34: /// @title Edition
35: /// @notice An ERC1155 contract representing a collection of related works. Each work is represented by a token ID.
36: contract Edition is IEdition, ERC1155, ERC2981, Initializable, OwnableRoles {
37:     using SafeTransferLib for address;
..SNIP..

Impact

EIP 712 is not implemented for the Edition contract.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L36

Tool used

Manual Review

Recommendation

Consider implementing EIP 712 for the Edition contract.
@sherlock-admin3 sherlock-admin3 added Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed labels Apr 29, 2024
@github-actions github-actions bot added the Medium A valid Medium severity issue label May 6, 2024
@pqseags
Copy link

pqseags commented May 8, 2024

This seems valid based on the Readme

@sherlock-admin3 sherlock-admin3 added Sponsor Confirmed The sponsor acknowledged this issue is valid and removed Sponsor Disputed The sponsor disputed this issue's validity labels May 8, 2024
@Hash01011122
Copy link
Collaborator

Seems borderline low/medium

This was referenced May 12, 2024
Open
Closed
Closed
Closed
Closed
@sherlock-admin2 sherlock-admin2 changed the title Winning Scarlet Yeti - EIP 712 is not implemented for the Edition contract. xiaoming90 - EIP 712 is not implemented for the Edition contract. May 12, 2024
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label May 12, 2024
@0x73696d616f
Copy link

Escalate

Should be low as it does not have any impact. EIP712 issues are valid when it causes problems due to not being able to correctly sign signatures, but this is not the case here.

@sherlock-admin3
Copy link
Contributor Author

Escalate

Should be low as it does not have any impact. EIP712 issues are valid when it causes problems due to not being able to correctly sign signatures, but this is not the case here.

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

@sherlock-admin4 sherlock-admin4 added the Escalated This issue contains a pending escalation label May 12, 2024
@realfugazzi
Copy link

Agree with invalidation reason, looks like a feature request.

@cducrest
Copy link

cducrest commented May 13, 2024
edited
Loading

EIP712 does not define an interface contract or anything in the like, it is about hashing and signing typed structured data. This issue does not indicate any non-compliance with EIP712. It seems to be pointed that the contract does not inherit from an IEIP712 interface or the like, which is not a problem considering EIP712.

See https://eips.ethereum.org/EIPS/eip-712.
See also Solady's implementation of EIP712 which defines only one public function eip712Domain() defined in EIP5267 and not EIP712: https://github.com/vectorized/solady/blob/main/src/utils/EIP712.sol
https://eips.ethereum.org/EIPS/eip-5267

@WangSecurity
Copy link
Collaborator

Agree with the escalation. Planning to accept it and invalidate the issue, unless someone shows and proves how it effects external integrations.

@Hash01011122
Copy link
Collaborator

Agree with the escalation this is indeed low

@Evert0x Evert0x closed this as completed May 20, 2024
@Evert0x Evert0x removed the Medium A valid Medium severity issue label May 20, 2024
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Reward A payout will be made for this issue labels May 20, 2024
@Evert0x
Copy link

Evert0x commented May 20, 2024

Result:
Invalid
Unique

@sherlock-admin2 sherlock-admin2 removed the Escalated This issue contains a pending escalation label May 20, 2024
@sherlock-admin3 sherlock-admin3 added the Escalation Resolved This issue's escalations have been approved/rejected label May 20, 2024
@sherlock-admin4
Copy link
Contributor

Escalations have been resolved successfully!

Escalation status:

@sherlock-admin3 sherlock-admin3 removed the Sponsor Confirmed The sponsor acknowledged this issue is valid label May 29, 2024
@sherlock-admin3 sherlock-admin3 added the Sponsor Disputed The sponsor disputed this issue's validity label May 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Escalation Resolved This issue's escalations have been approved/rejected Non-Reward This issue will not receive a payout Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@pqseags @cducrest @Evert0x @0x73696d616f @Hash01011122 @WangSecurity @sherlock-admin2 @realfugazzi @sherlock-admin3 @sherlock-admin4