SmartTokenLabs/attestation

Eip712Validator.ts is lacking some checks

Closed this issue · 0 comments

In Eip712Validator.ts.validateRequest()
Eip712AttesationRequest.ts.checkValidity()
Eip712AttesationRequestWithUsage.ts.checkValidity()
token-authenticator does not validate chainID, verifying contract or salt, whereas this is validated in the equivalent classes in attestation.jar. It means that signed requests can be used on any contract or chain in the future.

See section 2.2.3 in the Token-negotiator report.
See [Jira issue 291](https://smarttokenlabs.atlassian.net/browse/PR-291).
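
The missing checks described above, sketched as an added example that is not part of the issue or the project's code: it compares the `domain` object of a signed EIP-712 request with the values the verifier is deployed for, and belongs beside signature verification, not in place of it. The names `checkDomain`, `ExpectedDomain` and `hex`, and the sample values, are assumptions made for illustration.

```typescript
// Added example (not project code): reject a signed EIP-712 request whose domain
// does not match the chain, contract and salt this verifier is deployed for.
interface ExpectedDomain { chainId: number; verifyingContract: string; salt: string; }

// Builds constructed hex values for samples, e.g. hex("ab", 20) is a 20-byte address.
const hex = (pair: string, bytes: number): string => "0x" + new Array(bytes + 1).join(pair);

// chainId may arrive as a number, a decimal string or a 0x-hex string.
function normaliseChainId(v: unknown): number | null {
  let n = NaN;
  if (typeof v === "number") n = v;
  else if (typeof v === "string" && /^(0x[0-9a-fA-F]+|[0-9]+)$/.test(v)) n = Number(v);
  return isFinite(n) && n >= 0 && Math.floor(n) === n && n <= 9007199254740991 ? n : null;
}

// Addresses (20 bytes) and salts (32 bytes) are compared case-insensitively.
function normaliseHex(v: unknown, bytes: number): string | null {
  if (typeof v !== "string") return null;
  return new RegExp("^0x[0-9a-fA-F]{" + bytes * 2 + "}$").test(v) ? v.toLowerCase() : null;
}

// Returns a list of problems; an empty list means the domain matches.
function checkDomain(typedDataJson: string, expected: ExpectedDomain): string[] {
  let domain: { [key: string]: unknown };
  try {
    domain = JSON.parse(typedDataJson).domain || {};
  } catch (e) {
    return ["typed data could not be parsed"];
  }
  const errors: string[] = [];
  const chainId = normaliseChainId(domain["chainId"]);
  if (chainId === null) errors.push("chainId missing or malformed");
  else if (chainId !== expected.chainId) errors.push("chainId mismatch");
  const contract = normaliseHex(domain["verifyingContract"], 20);
  if (contract === null) errors.push("verifyingContract missing or malformed");
  else if (contract !== expected.verifyingContract.toLowerCase()) errors.push("verifyingContract mismatch");
  const salt = normaliseHex(domain["salt"], 32);
  if (salt === null) errors.push("salt missing or malformed");
  else if (salt !== expected.salt.toLowerCase()) errors.push("salt mismatch");
  return errors;
}

// Constructed sample: a request signed for chain 5, checked by a verifier on chain 1.
const EXPECTED: ExpectedDomain = { chainId: 1, verifyingContract: hex("ab", 20), salt: hex("5a", 32) };
const replayed = JSON.stringify({ domain: { chainId: 5, verifyingContract: hex("ab", 20), salt: hex("5a", 32) } });
const replayErrors = checkDomain(replayed, EXPECTED); // ["chainId mismatch"]
```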