Description
Lines of code
Vulnerability details
in function deployHolographableContract the bytes32 hash is directly encoded without adding any domain separator .
this will cause several issues
an attacker can front run the signature and use them on same contract on another chain . eg a user wants to call deployHolographableContract in polygon network . an attacker use same signature and make the same transaction in another network that holograph exists .
an attacker can front run the signature from different holograph 's contracts . let's imagine there is a HolographFactory.sol that was containing a vulnerability so another contract will be made using same source code that does not contain the issue . A user callls deployHolographableContract and interact with the fixed one contract . attacker sees the tx and execute it using same signature on the contract that had vulnerability .
an attacker can front run the signature from another project that had same hash type and use it to execute deployHolographableContract .
recommendation :
1.) There is always a domain separator that includes the contract address.
2.) The chain ID is included in the domain separator
3.) There is a type hash (of the function name / parameters)
4.) The domain separator does not allow reuse across different projects, phishing with an innocent