Support replay protection via block.chainId

[sambacha]

see: yieldprotocol/yield-utils-v2@13ec941

/// constructor 
deploymentChainId = block.chainid;
_DOMAIN_SEPARATOR = _calculateDomainSeparator(block.chainid);


/// ... Return the DOMAIN_SEPARATOR.
return block.chainid == deploymentChainId ? _DOMAIN_SEPARATOR : _calculateDomainSeparator(block.chainid);


/// ...   IERC2612-permit abi.encode
block.chainid == deploymentChainId ? _DOMAIN_SEPARATOR : _calculateDomainSeparator(block.chainid),

[merklejerk]

I don't understand the attack vector here. You sign a permit on a local fork with a different chainId and that gets out?

[sambacha]

I don't understand the attack vector here. You sign a permit on a local fork with a different chainId and that gets out?

here is the thread, sorry! https://twitter.com/bantg/status/1560279527976161282

[merklejerk]

wow, that chain is already cursed 😬

[sambacha]

wow, that chain is already cursed 😬

😂 it’s whatever you think ser, I can submit a PR if you would take it, I thought it best to see what your thoughts were before going any further. I plan on using this in production, so we may have this audited next month. Either way just thought it interesting at the very least!

Thanks again!

[merklejerk]

Yeah, let's do it.

[sambacha]

Yeah, let's do it.

So have been thinking about this over the weekend, wdyt about a helper function to re-sign a message with a spending limit 0 to nullify the previous signature - both can be implemented to be sure, I think this may be helpful as there is no easily revoke permit like there is revoke approvals (eg revoke.cash)

edit: you may actually have to execute the permit function on the relevant erc20 contract and then execute a transaction to increment the nonce. That should verifiably nullify any messages signed before, as there may not be any unambiguous proof otherwise.

[merklejerk]

Why not just call increaseNonce()?

[sambacha]

Why not just call increaseNonce()?

🪡