Copy Of Lack Of Verification In Hashes

Submitted by (4) MEP, also found by byndooa, Haipls, and minhquanym

Summary:

https://code4rena.com/reports/2022-08-rigor/#m-12-updateprojecthash-does-not-check-project-address

In Project.sol, function updateProjectHash L162, _data (which is signed by builder and/or contractor) does not contain a reference to the project address. In all other external functions of Project.sol, _data contains the address of the project, used in this check: require(_projectAddress == address(this), "Project::!projectAddress");.

Mitigation:

PreviousBypass Signature Validity Check NextFunction May Run Out Of Gas Leading To Loss

Last updated 11 months ago