Kinetic Disclosed Report

Audit report Kinetic Audit Contest

Wrong `DOMAIN_TYPEHASH` definition

Company
Created date: Feb 17 2025

Target

https://github.com/kinetic-market/public-money-market-contracts

Vulnerability Details

The incorrect DOMAIN_TYPEHASH definition breaks the EIP712 standard.

Validation steps

The type string used to build `DOMAIN_TYPEHASH` omits the `string version` field. https://github.com/kinetic-market/public-money-market-contracts/blob/main/contracts/Governance/ProtocolTokenStorage.sol#L22

    bytes32 public constant DOMAIN_TYPEHASH = keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)");


According to EIP-712, in the definition of `domainSeparator`:

  • "string version the current major version of the signing domain. Signatures from different versions are not compatible"

It is recommended to add `string version` to the `EIP712Domain` string:

    bytes32 public constant DOMAIN_TYPEHASH = keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
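
Changing the type string is only half of the fix: the domain separator must also hash the version value, in the same position the type string declares it. The contract below is an added example, not code from the audited repository; the contract name, `NAME`, `VERSION` and the function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration. Only the two type strings come from the report;
/// every other name and value here is an assumption.
contract DomainSeparatorExample {
    // Type string as quoted in the report (no version field).
    bytes32 public constant DOMAIN_TYPEHASH_NO_VERSION =
        keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)");

    // Type string recommended in the report.
    bytes32 public constant DOMAIN_TYPEHASH =
        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");

    string public constant NAME = "Example Token"; // assumed value
    string public constant VERSION = "1";          // assumed value

    /// Separator that matches the original type string.
    function separatorWithoutVersion() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH_NO_VERSION,
            keccak256(bytes(NAME)),
            block.chainid,
            address(this)
        ));
    }

    /// Separator that matches the recommended type string. The encoded
    /// fields must follow the order declared in the type string, and
    /// dynamic types (string) are encoded as their keccak256 hash.
    function separatorWithVersion() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes(NAME)),
            keccak256(bytes(VERSION)),
            block.chainid,
            address(this)
        ));
    }

    /// Recover the signer of an EIP-712 struct hash under a given separator.
    function recover(bytes32 separator, bytes32 structHash, uint8 v, bytes32 r, bytes32 s)
        public pure returns (address signer)
    {
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", separator, structHash));
        signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "invalid signature");
    }
}
```

A signature made over a domain that includes `version` recovers the expected signer only when `recover` is called with `separatorWithVersion()`; with the other separator the digest differs and the recovered address does not match.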
Details
State: disclosed
Severity: Low
Bounty: $143
Visibility: partially
Vulnerability: Other