Skip to content

085.md

Latest commit

 

History

History
81 lines (62 loc) · 2.83 KB

085.md

File metadata and controls

81 lines (62 loc) · 2.83 KB

Powerful Honeysuckle Anteater

Medium

DOMAIN_SEPARATOR is not used. EIP-712 Compliance

Summary

Protocol should be compliant with EIP-712, however the DOMAIN_SEPARATOR in borrowing.sol is never used.

Root Cause

https://github.com/sherlock-audit/2024-11-autonomint/blob/0d324e04d4c0ca306e1ae4d4c65f0cb9d681751b/Blockchain/Blockchian/contracts/Core_logic/borrowing.sol#L112-L113 DOMAIN_SEPARATOR in the initialize function in borrowing.sol is never being used:

    function initialize(
        address usdaAddress,
        address cdsAddress,
        address abondTokenAddress,
        address multiSignAddress,
        address mpoAddress,
        address[] memory collateralAddresses,
        address[] memory tokenAddresses,
        uint64 chainId,
        address globalVariablesAddress
    ) public {
        // Get the total number of collateral addresses
        uint16 noOfCollaterals = uint16(collateralAddresses.length);

        // Initialize the owner of the contract
        // __Ownable_init(msg.sender);
        // Initialize the proxy
        //  __UUPSUpgradeable_init();
        // __EIP712_init(BorrowLib.name, BorrowLib.version);
        usda = IUSDa(usdaAddress);
        cds = CDSInterface(cdsAddress);
        abond = IABONDToken(abondTokenAddress);
        multiSign = IMultiSign(multiSignAddress);
        globalVariables = IGlobalVariables(globalVariablesAddress);
        oracle = BasePriceOracle(mpoAddress);

        // Get the DOMAIN SEPARATOR
@>>     DOMAIN_SEPARATOR =
            keccak256(abi.encode(BorrowLib.PERMIT_TYPEHASH, BorrowLib.name, BorrowLib.version, chainId, address(this)));

        // Loop through the number of collateral address
        for (uint256 i = 0; i < noOfCollaterals; i++) {
            // Assign the value(collateral address) for a key(collateral name ENUM)
            assetAddress[AssetName(i + 1)] = collateralAddresses[i];
        }
        // Loop through the number of collateral address plus token addresses,starting with collateral address length + 1
        for (uint256 i = (noOfCollaterals + 1); i <= (noOfCollaterals + tokenAddresses.length); i++) {
            // Assign the value(token address) for a key(collateral(token) name ENUM)
            assetAddress[AssetName(i)] = tokenAddresses[i - (noOfCollaterals + 1)];
        }
    }

We also have this function https://github.com/sherlock-audit/2024-11-autonomint/blob/0d324e04d4c0ca306e1ae4d4c65f0cb9d681751b/Blockchain/Blockchian/contracts/Core_logic/borrowing.sol#L749-L766 being left out. We only use the one in CDS.sol

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

Use the custom DOMAIN_SEPARATOR by overriding the default one, this could be done by overriding _buildDomainSeparator() function