Fix EIP712 for delegatecalls #2852
Conversation
|
Hello @k06a and thank you for your PR. The code you are pointing to is indeed not designed to be used in the context of delegate calls. If you are building an "implementation" that proxy contract will delegate to, you should use If you have a look at the equivalent upgradeable contract you will see that this caching system is not present. Thus I don't think this is critical, but it might still be a great idea to apply your PR for extra security. |
|
@k06a Have you seen tokens that do delegation outside the context of upgradeability? It is never a good idea to use this package with upgradeable contracts and I don't think we should include this fix because it would be validating that use. |
|
USDC token have permit and is proxy contract. |
|
I would prefer to have this check as extra security to avoid misusage. Misusage could lead to a double spend. |
|
After some thought I think we should go ahead with this. What convinced me is that we currently have a discrepancy in the "this" value that is used in each branch of the if statement (cached vs recreated). Note that this slightly changes the behavior and could be considered a breaking change, but the cases that would be affected would have had the domain separator change anyway. As always, note that upgradeable contracts should be using the Upgradeable version of this contract. A changelog entry is needed before merging. |
|
There is something wrong with Codecov. |
Some tokens do delegate their implementations, this fix would potential double spends.
Let's discuss.