Skip to content

C4 S-470 Do not cache chain id #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shunkakinoki merged 2 commits into from
Nov 27, 2025
Merged

C4 S-470 Do not cache chain id #81

shunkakinoki merged 2 commits into from
Nov 27, 2025

Conversation

@ScreamingHawk
Copy link
Contributor

@ScreamingHawk ScreamingHawk commented Nov 26, 2025

S-470 Signature Validation Permanently Bricked by Stale chainid in DOMAIN_SEPARATOR

https://code4rena.com/audits/2025-11-sequence-transaction-rails/submissions/S-470

Issue: Chain id is hashed and cached, causing issues if chain ever updates the chain id.

Analysis: If a chain ever forks and updates it's chain id the new chain will continue to expect the old chain id. This is a very unlikely scenario, however as we work with new custom chain provider we have had clients suggest such an approach to fix state issues.

Fix: Calculate domain separator using chain id at runtime.

Note: I've retained the function DOMAIN_SEPARATOR() public for backwards compatibility with integrations. This is probably not necessary

@ScreamingHawk ScreamingHawk requested a review from a team November 26, 2025 19:00
shunkakinoki
shunkakinoki approved these changes Nov 26, 2025
View reviewed changes
Copy link
Collaborator

@shunkakinoki shunkakinoki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🙏

Agusx1211
Agusx1211 approved these changes Nov 27, 2025
View reviewed changes
Copy link
Member

@Agusx1211 Agusx1211 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM too

@shunkakinoki shunkakinoki merged commit 7a45b1e into master Nov 27, 2025
1 check passed
@shunkakinoki shunkakinoki deleted the c4-s470 branch November 27, 2025 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Agusx1211 Agusx1211 Agusx1211 approved these changes

@shunkakinoki shunkakinoki shunkakinoki approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ScreamingHawk @Agusx1211 @shunkakinoki