Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Aori 0.3.1 Upgrade>Informational findings>Outdated version in EIP-712 domain separator
GeneralOverview
Findings
Medium (2)
Informational (4)The deposit function with a hook supports native tokensRedundant code in the fill functionRedundant native token--handling logic in _executeDstHook functionOutdated version in EIP-712 domain separator
DiscussionChecks-effects-interactions patternUnnecessary signature in depositNative
DesignComponent: Aori contract (version 0.3.1 upgrade)
Audit ResultsAssessment Results
Category: Coding Mistakes

Outdated version in EIP-712 domain separator

Informational Impact
Informational Severity
N/A Likelihood

Description

The Aori contract has been updated to version 0.3.1, but the version string returned by _domainNameAndVersion remains "0.3.0".

function _domainNameAndVersion()
    internal
    pure
    override
    returns (string memory name, string memory version)
{
    return ("Aori", "0.3.0");
}

Impact

Users signing messages may see incorrect version information in their wallet's signature request, potentially causing confusion about which contract version they are interacting with.

Recommendations

We recommend updating the version string in the EIP-712 domain separator to reflect the current contract version.

function _domainNameAndVersion()
    internal
    pure
    override
    returns (string memory name, string memory version)
{
-    return ("Aori", "0.3.0");
+    return ("Aori", "0.3.1");
}

Remediation

This issue has been acknowledged by Aori, and a fix was implemented in commit 8c931f44.

Zellic © 2025Back to top ↑