Lines of code
<https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/its/token-implementations/ERC20Permit.sol#L44-L48>
The StandardizedToken contract inherits the ERC20Permit contract, which, in the case of an upgradable/proxied token, would allow permits for a previous version of the token to be used on any subsequent version of it.
NOTE that ERC20Permit is not explicitly in scope, but it is used/inherited by StandardizedToken, which is in scope.
ERC20Permit, at lines 44-48, defines the domain separator as follows:

```solidity
function _setDomainTypeSignatureHash(string memory name) internal {
    DOMAIN_SEPARATOR = keccak256(
        abi.encode(DOMAIN_TYPE_SIGNATURE_HASH, keccak256(bytes(name)), keccak256(bytes('1')), block.chainid, address(this))
    );
}
```
Since the above code would be called by a proxy, address(this) will never change, and given that the version is fixed to bytes('1'), permits issued before a token implementation upgrade would still be valid after the upgrade.
n/a
Allow version to be increased between upgrades to ensure a distinct DOMAIN_SEPARATOR at each upgrade.
Access Control
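One way to apply the mitigation recommended above, as an added example that is not code from the Axelar repository: the version becomes an input to the same encoding, and each implementation carries its own version constant. `VersionedPermitDomain`, `ExampleTokenV2`, `VERSION`, `_domainSeparator`, `refreshDomainSeparator` and `oldPermitsInvalidated` are hypothetical names, and the standard EIP-712 domain type string is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not Axelar code. All contract and function names are hypothetical.
abstract contract VersionedPermitDomain {
    // Assumption: the standard EIP-712 domain type string.
    bytes32 internal constant DOMAIN_TYPE_SIGNATURE_HASH =
        keccak256('EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)');

    // Lives in proxy storage, so it persists across implementation upgrades.
    bytes32 public DOMAIN_SEPARATOR;

    // Same encoding as the reported function, with the version passed in
    // instead of the hard-coded '1'.
    function _domainSeparator(string memory name, string memory version) internal view returns (bytes32) {
        return keccak256(
            abi.encode(DOMAIN_TYPE_SIGNATURE_HASH, keccak256(bytes(name)), keccak256(bytes(version)), block.chainid, address(this))
        );
    }

    function _setDomainTypeSignatureHash(string memory name, string memory version) internal {
        DOMAIN_SEPARATOR = _domainSeparator(name, version);
    }
}

// Stand-in for the second implementation behind the same proxy.
contract ExampleTokenV2 is VersionedPermitDomain {
    // Token name written to proxy storage by the original setup.
    string public name;

    // Constants are part of the implementation bytecode, so a delegatecall
    // through the proxy reads the value of whichever implementation is live.
    string public constant VERSION = '2';

    // Takes no caller-supplied input and always writes the same value for a
    // given implementation, so running it after the upgrade is idempotent.
    function refreshDomainSeparator() external {
        _setDomainTypeSignatureHash(name, VERSION);
    }

    // True once a permit digest built on the version '1' domain no longer
    // matches the stored separator; address(this) and chainid are unchanged.
    function oldPermitsInvalidated() external view returns (bool) {
        return _domainSeparator(name, '1') != DOMAIN_SEPARATOR;
    }
}
```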